Before your access points are able to establish a valid RadSec session, there are requirements that must be met, regardless of which manufacturer your access points are from.
- Access Points require a valid client certificate (typically referred to as "RadSec certificate"). The client certificate must have the EKU Client Authentication (220.127.116.11.18.104.22.168.2) and not Server Authentication.
- Access Points must trust the CA that has issued your RADIUS server certificate.
- RADIUSaaS needs to trust the CA that has issued the client certificate on your Access Points.