Aruba
Last updated
Last updated
To establish a valid RadSec connection, your Access Points must trust the RADIUS Server Certificate and your RADIUS server must trust your RadSec Client Certificate. To achieve this,
Download the root certificate of the CA that has issued your active RADIUS Server Certificate as described here.
Create a RadSec Client Certificate for your WAPs (centrally managed via Aruba Central). If you are using SCEPman Certificate Master, the process is described here.
Ensure to monitor the expiry of your RadSec Client Certificate and renew it in due time to prevent service interruptions.
Add the root certificate of the CA that has issued the RadSec Client Certificate to your RADIUS instance as described here and select RadSec under Use for. In case the RadSec Client Certificate has been issued by SCEPman and you already trust the SCEPman Root CA for client authentication, simply edit the trusted SCEPman Root CA certificate and select Both under Use for.
Below settings are the necessary settings to establish a functional RadSec connection with our service. Configure any other settings at your discretion.
For general information on how to import certificates to your Aruba platform, please refer to their documentation:
Import the root certificate of the CA that has issued your RADIUS Server Certificate with the type CA certificate.
Import the RadSec Client Certificate (created in step 2 under Prepare Certificates) with the type Server certificate.
Under Access Points > Security select the imported RadSec Client Certificate for RadSec and the RADIUS root CA certificate for RadSec Certificate Authority.
For the RADIUS server configuration, enable RadSec and choose either the IP address or the DNS name of your RadSec service endpoint.
