LogoLogo
LogoLogo
  • Welcome
  • Details
  • Configuration
    • Getting Started
      • Generic Guide
      • Scenario-based Guides
        • Microsoft Cloud PKI
        • SCEPman PKI
    • Access Point Setup
      • RadSec
        • Aruba
        • FortiNet
        • Juniper Mist
        • Meraki
        • MikroTik
        • Ruckus
        • UniFi
      • RADIUS
        • ExtremeCloud IQ CoPilot
        • Meraki
        • Sophos UTM
        • UniFi
    • Server Certificate Renewal
  • Admin Portal
    • Home
    • Insights
      • Rule Engine
      • Logs
    • Users
    • Settings
      • Server Settings
      • Trusted Certificates
      • Proxy Settings
      • Permissions
      • User Settings
      • Rules
        • General Structure
        • WiFi
        • LAN
        • VPN
      • Log Exporter
        • Teams
        • Log Analytics
        • Generic Webhook
        • Examples
    • My Invited Users
  • Profile Deployment
    • Microsoft Intune
      • Server Trust
      • WiFi Profile
        • Windows
        • iOS/iPadOS & macOS
        • Android
      • Wired Profile
        • Windows
        • macOS
    • Jamf Pro
      • Server Trust
      • WiFi Profile
      • Wired Profile
    • Google Workspace
      • Server Trust
      • WiFi Profile
  • Other
    • Troubleshooting
    • FAQs
      • General
      • Log & Common Errors
      • MAC Authentication
      • Blast-RADIUS Vulnerability
      • OCSP Soft-fail Consequences
      • Security & Privacy
    • REST API
      • External Monitoring
    • Changelog
  • Licensing
    • Azure Marketplace
  • Support & Service Level
  • RADIUSaaS Website
Powered by GitBook
On this page
  • Prepare certificates
  • Mist configuration
  • A complete walk-through

Was this helpful?

  1. Configuration
  2. Access Point Setup
  3. RadSec

Juniper Mist

Last updated 6 months ago

Was this helpful?

Prepare certificates

To establish a valid RadSec connection, your Access Points must trust the RADIUS Server Certificate and your RADIUS server must trust your RadSec Client Certificate. To achieve this,

  1. Download the root certificate of the CA that has issued your active RADIUS Server Certificate as described .

  2. Create a RadSec Client Certificate for your Access Points. If you are using SCEPman Certificate Master, the process is described .

Ensure to monitor the expiry of your RadSec Client Certificate and renew it in due time to prevent service interruptions.

  1. Add the root certificate of the CA that has issued the RadSec Client Certificate to your RADIUS instance as described and select RadSec under Use for. In case the RadSec Client Certificate has been issued by SCEPman and you already trust the SCEPman Root CA for client authentication, simply edit the trusted SCEPman Root CA certificate and select Both under Use for.

Mist configuration

Below settings are the necessary settings to establish a functional RadSec connection with our service. Configure any other settings at your discretion.

  1. Navigate to your Mist configuration plane.

  2. To configure the relevant certificates, navigate to Organization > Settings.

  3. Add the root certificate of the CA that has issued your RADIUS Server Certificate under RadSec Certificate.

  4. Add your RadSec Client Certificate (created in step 2 under ) to AP RadSec Certificate.

  5. Go to Site > WLANs.

  6. Create a new WLAN if you have not already created one for which you want to leverage RADIUS authentication against our service.

  7. Select Enterprise (802.1X) as Security Type.

  8. Under RadSec, select Enabled and set the Server Name to the SAN attribute of your RADIUS Server Certificate.

  9. For Server Addresses use either the IP address or the DNS name of your .

A complete walk-through

here
Prepare Certificates
here
RadSec service endpoint
here