FAQ: Ruckus AP Device Certificate Refresh

Summary

Device certificates on Ruckus APs manufactured prior to January 2016 may require a certificate refresh prior to November 2016 to avoid service interruption.

Question

FAQ: Ruckus AP Device Certificate Refresh

Customer Environment

Certain Ruckus APs manufactured before January 2016.

Root Cause

Ruckus original Device certificates expire on November 2016, and if not refreshed, can interupt service communications between APs and SmartZone controllers.

Troubleshooting Steps

SmartZone 3.0.5, 3.1.2, 3.2.1 and ZD 9.13 include the ability to identify and notify admin that APs need Certificate Refresh.

Workaround

AP certificate check can be disabled on SmartZone controllers, but is only suggested in order to add APs with expired certificates after Nov 27, 2016,
when the AP certificates should be refreshed following the procedures in this article, and AP cert-check re-enabled.

ZoneDirector 9.13+ can identify APs in need of certificate refresh, but the APs must/can only be updated via SmarrtZone 3.0.5, 3.1.2, 3.2.1, 3.4+ controllers.

Resolution

View the attached FAQ document describing affected devices and the impact of AP certificate refresh.

A summary of the steps to update AP certificates, from SZ Administration/AP Certificate Refresh page.

1.  Export AP Certificate Replacement Request (.req) file (NO parentheses or other special characters)
2.  Navigate to https://support.ruckuswireless.com/contact-us and open a support case.
3.  Provide the .req file to support.
4. Support will get you the .req file and you can apply the same to controller/AP to replace the devise certificate.

NOTE: The AP Response file must not contain any parentheses or special characters.
If Browser does not warn if previous copy of file exists, but adds (1),(2),etc to filenames,
remove these characters before submitting the .req files.

User-added image

NOTE: Depending on number of APs, uploading new Certs may take some time to finish (up to several hours).

Administrators are strongly encouraged to upgrade controllers to a version with Certificate Refresh capability.

Unless updated, after Nov 27th 2016, APs with datecode Serial Numbers prior to those shown in the table below
will require that the certificate check be temporarily disabled on the SmartZone controller in order for the APs to join.
Additionally, any APs with datecodes prior to 2016 may require a certificate refresh (accomplished via the certificate
refresh feature available in SmartZone controllers).

3516xxxxxxxx     - R510, R710, T710
3616xxxxxxxx     - H510
3916xxxxxxxx     - R500, R600, T300, T301
4116xxxxxxxx     - 7372, 7372e, 7782, H500, R300, R310, R700

ZoneDirector 9.13+ has the ability to identify and report an AP certificate status, but AP/ZD communications do not
require certificate check in order for APs to join or receive updates.  ZDs can help identify APs for certificate refresh,
for customers who are or might be planning to migrate from ZoneDirector to SmartZone controller management in the
future.

Related Article: KBA-6099: Ruckus Certificate Replacement Flowchart



 

Attachment 1

CertReplacementFAQ-RevC-20161013.pdf
application/pdf
Download
(89.4 KB)

Related Articles

KBA-6099: Ruckus AP Certificate Replacement Flowchart

Article Number:
000005390

Updated:
July 12, 2022 08:25 AM (about 1 year ago)

Answer Attachment 1
CertReplacementFAQ-RevC-20161013.pdf
application/pdf
Download
(89.4 KB)

Tags:
Configuration, Firmware, System Network Management, Known Issues and Workarounds, Registration, ZoneDirector, ZoneFlex Indoor, ZoneFlex Outdoor, SmartCell Gateway, SmartCell AP

Votes:
3

This article is:
helpful
not helpful

Working...Please wait

This is here to prevent you from accidentally submitting twice.

The page will automatically refresh.