Custom Certificate Support on RAP

By esupport posted Mar 31, 2015 08:56 PM


What is Customer Support Certificate on RAP?  What are the procedures to be followed while naming and uploading the certificate in USB?


Customer Support Certificate is a new feature introduced in AOS for Customized certificate based Authentication of RAP from AOS 6.3.

  1. In 6.3, Administrator can provision to configure RAP with custom certificates (new feature introduced).
  2. RAP supports AES-GCM algorithm and custom RSA certificates for authentication.
  3. RAP supports Chained Certificates upto one level.
  4. RAPs can be provisioned with Custom Certificate in two ways
    1.  Uploading certificates (RSA/ECDSA) from LD Page
    2. Copying Certificate(RSA/ECDSA) to USB stick
  5. Uploading Certificates through LD Page
    1.    User can upload certificates either generating CSR and get it signed by CA or uploading directly PCKS12 bundle certificate
    2.    RAP supports DER,PEM  and PKCS12 formats for uploading certificates
    3.    User can import the certificate with/without pkcs12 passphrase while uploading PKCS12 bundle certificate
  6. Configuration for USB certificate Store
    1.   Copy PKCS12 certificate bundle to USB stick
    2.   Ensure certificate file name should start with that particular RAP’s MAC address
    3.   Example:
    4.   If RAP’s eth0 MAC address is 00:0b:86:c2:00:6c, then the file name as 000B86C2006C.p12 or 000B86C2006C_rap155.p12
    5.   If user unplug the USB stick then RAP will be down
    6.   User needs to reboot the RAP if he/she unplug and plug USB stick from RAP to come up again with custom certificate