
Radsec established but no certificate

marek_szymonski
New Contributor

Hi,

 

I'm referring to this topic in the old HiveNation community (https://community.aerohive.com/aerohive/topics/radsec-established-but-no-certificate). There is a procedure described there for fixing the lack of a RadSec certificate on an AP:

 

1) Clear the key

clear aaa radius-server-key radsec ca

clear aaa radius-server-key radsec root-ca

 

2) Upload the new CA 

Upload the new CA: Monitor > Actions > Download CA

 

3) Complete Upload

 

4) Reboot

 

I'm using HM 6.8r7a and there is no Monitor > Actions > Download CA.

 

I tried Complete configuration update and Clear ID Manager credentials but no luck.

All required ports are opened and the problem is only on some APs 250.

 

#sh idm

IDM client: Enabled Per SSID

IDM Proxy IP: 10.66.164.36

IDM proxy: Disabled

RadSec Certificate state: Not exist

 

Please advise how to get the RadSec certificate.

1 ACCEPTED SOLUTION

marek_szymonski
New Contributor

Well, it didn't work in my case. Complete upload did not pull certs from IDM servers.

 

All APs are in the same subnet. 2 of them were automatically elected as ID Manager Proxy Server and they are fine. As for the rest of the access points – some of them have a RadSec certificate and some don’t.

 

I managed to fix it this way:

 

  • I applied a network policy that contains IDManager settings only to 2 APs in the subnet. They were automatically elected as Proxy Servers and downloaded the certificate. Then I repeated that procedure for the rest of the APs. They all now have a valid certificate.

 

The disadvantage of this solution is completion time. It takes a lot of time if you have many APs on site.


2 REPLIES

samantha_lynn
Esteemed Contributor III

I'm sorry for the confusion, those instructions are for HiveManager NG and it sounds like you are using HiveManager Classic. These are different platforms so they sometimes have different procedures. If you run those two commands in step one, go ahead and skip step two, and move directly to step three. The AP will pull the certs from the IDM servers automatically, so you should accomplish the same thing by just clearing the certs and pushing out a complete configuration (which requires a reboot).

 

Hope that helps.
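
A triage helper for the situation in this thread, added here as an example and not code from either poster or from the vendor: it parses saved `sh idm` output per AP, lists the APs whose RadSec certificate state reads "Not exist" (or is missing from the capture), and groups them into batches of two for the staged policy push described in the accepted solution. The AP names and the healthy-state placeholder are assumptions.

```python
import re

FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")
CERT_FIELD = "RadSec Certificate state"  # field name as printed in the thread
MISSING = "not exist"                    # the only state value the thread shows

def parse_sh_idm(text):
    """Turn one AP's 'sh idm' output into a {field: value} dict."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)            # the echoed '#sh idm' line has no colon
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def aps_without_cert(captures):
    """captures maps AP name -> raw 'sh idm' text; returns names needing a fix.
    A capture with no certificate line is listed too: unverified is not healthy."""
    flagged = []
    for name, text in captures.items():
        state = parse_sh_idm(text).get(CERT_FIELD)
        if state is None or state.lower() == MISSING:
            flagged.append(name)
    return sorted(flagged)

def rollout_batches(names, size=2):
    """Group APs into batches (two at a time in the accepted solution)."""
    return [names[i:i + size] for i in range(0, len(names), size)]

# Constructed captures. AP names are hypothetical; "<present>" is a placeholder
# because the thread never shows the healthy state string.
COMMON = ("#sh idm\n\nIDM client: Enabled Per SSID\n\n"
          "IDM Proxy IP: 10.66.164.36\n\nIDM proxy: Disabled\n\n")
SAMPLE = {
    "ap-01": COMMON + "RadSec Certificate state: Not exist\n",
    "ap-02": COMMON + "RadSec Certificate state: <present>\n",
    "ap-03": COMMON + "RadSec Certificate state:   not exist  \n",
    "ap-04": COMMON,                     # truncated capture, no state line
    "ap-05": COMMON + "RadSec Certificate state: Not exist\n",
}

if __name__ == "__main__":
    todo = aps_without_cert(SAMPLE)
    for n, batch in enumerate(rollout_batches(todo), 1):
        print(f"batch {n}: {', '.join(batch)}")
```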
