RADIUS Server Certificates

The Setting RADIUS Server Certificates Screen displays information about all RADIUS Server Certificates and is used to add, activate, and delete a certificate in the RADIUS Server in UPAM for 802.1X or TLS authentication. You can also download an imported certificate to your computer.

Adding a Certificate

Click on the Add icon to bring up the Create RADIUS Server Certificates Screen. Click on the Upload button to upload a CA File, then click on the Import button to import the file into UPAM. Repeat the process to upload and import the Server File and Server Key File.

Enter a Name for the Certificate and a Private Key Password to encrypt the key file when generating the Server File, then click on the Create button. The certificate can now be activated.

Note: If you use the default certificate, the password is "password".

Note: If necessary, you can generate a new RADIUS Server Certificate.

Activating a Certificate

Select a certificate in the RADIUS Server Certificates List and click on the Activate button. You can have only one active certificate at a time. If you activate a new certificate, it replaces the previously-activated certificate.

Deleting a Certificate

Select a Certificate in the RADIUS Server Certificates List and click on the Delete icon. Click OK at the Confirmation Prompt. Note that you cannot delete an active certificate. You must first activate a different certificate before you can delete it.

Downloading a Certificate

You can download an imported certificate from the RADIUS Server Certificates List to your machine. Select the certificate in the list and click on the Download button. The certificate will be downloaded to your designated Download folder.

Generating a Certificate

Follow the steps below to generate a RADIUS Server Certificate.

1. Generate the root key: openssl genrsa -out rootCA.key 2048.

2. Generate the root CA certificate: openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 3560 -out rootCA.pem.

3. Generate a private Key for RADIUS: openssl genrsa -des3 -out radius_server.key 2048 (enter password "switch" or any desired password).

4. Generate a CSR (Certificate Signing Request): openssl req -new -key radius_server.key -out radius_server.csr -sha256.

5. Sign and generate RADIUS certificate using the root CA key created at the Step 1: openssl x509 -req -in radius_server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out radius_server.crt -days 3560 -sha256.

6. Add and activate the certificate.

RADIUS Certificate List

The RADIUS Certificate List displays information about all imported RADIUS Certificates.

• Name - Identifier for the certificate in UPAM.
• CA File Name - The name of the uploaded CA Certificate file.
• Server File Name - The name of certificate file in the RADIUS server. The Server File contains the contents of the Sever Certificate file and the Server Key file.
• Type - The type of certificate file stored in the RADIUS server.
• Issued By - The certification authority (CA) that issued the certificate.
• Issued To - The entity to which the certificate is assigned.
• Validity Start Time - The start date and time when the certificate is valid.
• Validity Stop Time -  The end date and time when the certificate is valid.
• Using Status - Indicates whether the certificate is effective in the RADIUS server. Can be activated by administrator.
• Expiry Status - Indicates whether the certificate is Expired or Unexpired.