1. While I am updating the certificates, will the subscriber nodes stop responding to RADIUS requests? I would expect the nodes to continue operating normally as long as the root CA certificate or certificate chain does not need to change.
There is a HTTPS certificate and a RADIUS certificate on each node, in your case, you are replacing the HTTPS certificate, which won't affect in any matter RADIUS authentication using EAP-TLS or EAP-PEAP.
Replacing HTTPS certificate will have effect on the Management of the nodes and also Captive Portal. If you are unsure and have a backup/lab node, start with it and test your cert to make sure it's working.
2. After the certificates are all installed, will the cluster continue to operate as before without futher configuration?
Thanks.
Yes :)