What is Customer Support Certificate on RAP? What are the procedures to be followed while naming and uploading the certificate in USB?
Customer Support Certificate is a new feature introduced in AOS for Customized certificate based Authentication of RAP from AOS 6.3.
- In 6.3, Administrator can provision to configure RAP with custom certificates (new feature introduced).
- RAP supports AES-GCM algorithm and custom RSA certificates for authentication.
- RAP supports Chained Certificates upto one level.
- RAPs can be provisioned with Custom Certificate in two ways
- Uploading certificates (RSA/ECDSA) from LD Page
- Copying Certificate(RSA/ECDSA) to USB stick
- Uploading Certificates through LD Page
- User can upload certificates either generating CSR and get it signed by CA or uploading directly PCKS12 bundle certificate
- RAP supports DER,PEM and PKCS12 formats for uploading certificates
- User can import the certificate with/without pkcs12 passphrase while uploading PKCS12 bundle certificate
- Configuration for USB certificate Store
- Copy PKCS12 certificate bundle to USB stick
- Ensure certificate file name should start with that particular RAP’s MAC address
- If RAP’s eth0 MAC address is 00:0b:86:c2:00:6c, then the file name as 000B86C2006C.p12 or 000B86C2006C_rap155.p12
- If user unplug the USB stick then RAP will be down
- User needs to reboot the RAP if he/she unplug and plug USB stick from RAP to come up again with custom certificate