# Aruba

## Prepare certificates

To establish a valid RadSec connection, your Access Points must trust the **RADIUS Server Certificate** and your RADIUS server must trust your **RadSec Client Certificate**. To achieve this,

1. Download the root certificate of the CA that has issued your active **RADIUS Server Certificate** as described [here](/admin-portal/settings/settings-server.md#download).
2. Create a **RadSec Client Certificate** for your WAPs (centrally managed via Aruba Central). If you are using **SCEPman Certificate Master**, the process is described [here](https://docs.scepman.com/certificate-deployment/certificate-master/client-certificate-pkcs-12). 

{% hint style="warning" %}
Ensure to monitor the expiry of your **RadSec Client Certificate** and renew it in due time to prevent service interruptions.
{% endhint %}

3. Add the root certificate of the CA that has issued the **RadSec Client Certificate** to your RADIUS instance as described [here](/admin-portal/settings/trusted-roots.md#add) and select **RadSec** under **Use for**.\
   In case the **RadSec Client Certificate** has been issued by SCEPman and you already trust the SCEPman Root CA for client authentication, simply edit the trusted SCEPman Root CA certificate and select **Both** under **Use for**. 

## Aruba Central configuration

{% hint style="info" %}
Below settings are the necessary settings to establish a functional RadSec connection with our service. Configure any other settings at your discretion.
{% endhint %}

For general information on how to import certificates to your Aruba platform, please refer to their documentation:

{% embed url="<https://www.arubanetworks.com/techdocs/ArubaOS_85_Web_Help/Content/arubaos-solutions/manage-utilities/impo-cert.htm>" %}

1. Import the root certificate of the CA that has issued your **RADIUS Server Certificate** with the type **CA certificate**.

   <figure><img src="/files/1rfJGPVGZCll1lH3TfIK" alt=""><figcaption></figcaption></figure>
2. Import the **RadSec Client Certificate** (created in step 2 under [Prepare Certificates](#prepare-certificates)) with the type **Server certificate**.

   <figure><img src="/files/m3LMHPsdAfyfGTwMCGFS" alt=""><figcaption></figcaption></figure>
3. Under **Access Points >** **Security** select the imported **RadSec Client Certificate** for **RadSec** and the RADIUS root CA certificate for **RadSec Certificate Authority**.

   <figure><img src="/files/dTYUZGnDKaEYvZgQC8Qp" alt=""><figcaption></figcaption></figure>
4. For the RADIUS server configuration, enable **RadSec** and choose either the IP address or the DNS name of your [RadSec service endpoint](/admin-portal/settings/settings-server.md#properties).

   <figure><img src="/files/G2WDrgI1lTRDSMTQiKis" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.radiusaas.com/configuration/access-point-setup/radsec-available/aruba.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.