AP Device Certificate Refresh page

The device certificate installed on all Ruckus APs manufactured prior to March 2014 expires in November 2016. 

All affected APs will require a certificate refresh prior to November 2016 to avoid service interruption. To determine to what extent your APs and Controllers are affected use the Impact Analysis table included in the AP Device Certificate Refresh FAQ located at this link.

A device certificate refresh feature is included in and above the following controller software versions :

While there is no limit to the number of APs that you may refresh at once with this feature it is recommended to use the Search Terms box in SZ UI or Range box in ZD UI to limit the scope of APs to manageable groups. Please be aware the process refreshes AP device certificates  in turn (not simultaneously) when planning for the outages that occur as APs reboot after each is updated. 

The following steps summarizes the Ruckus Wireless AP certificate refresh process for ZD and SZ/SCG controller types.

1. Navigate to your device's Administration - AP Certificate Replacement WebUI page. 

2. Use the Export button to generate the AP Certificate Replacement Request (.req) file. 

3. Rename the .req request file generated as all files generated for the same controller have the same filename. An easy way to differentiate each request file is by renaming it to include any Search Terms you may have used eg <filename>-R500.req or other unique identifier. Special characters including parentheses are NOT SUPPORTED.

4.  Navigate to https://certrenewal.ruckuswireless.com/  and provide return email address and Upload the .req export file .

5.  Email recipient will receive the AP Certificate Response (.res) file download link. 

6.  To commence refreshing your APs import the .res file via your device's AP Certificate Replacement WebUI Page (SZ) or Import Ruckus PKI Certificate Package under Configuration - Certificate - Advanced Options WebUI page (ZD).

7.  Monitor Certificate Status page in UI for progress of the refresh procedure.

Note:  Each AP included in the imported request file will restart in turn after certificate replacement completes.  Average time taken per AP to come back online is approximately the same time taken for a user initiated AP restart action.

Note : v)SZ Controllers with Legacy Zones and older APs may need to run a script to allow these Legacy Zones to detect and update APs in these zones. 

Please refer: https://support.ruckuswireless.com/answers/000006143 for more information

While FM software operation has no dependency on AP device certificate version it requires the latest root chain to be bundled with any managed ZD or AP.

For HTTPS communication to succeed with ZDs and APs running 9.13 software or above FM software must be also upgraded to version 9.13 or above.

Due to SSL version compatibility requirements :

1.  Upgrade FM release to 9.10.2 or 9.12.2

2.  Upgrade ZD to 9.10.2 or 9.12.2

3.  Upgrade FM from 9.10.2 or 9.12.2 to 9.13

4.  Optional (recommended) upgrade ZD to 9.13 

Standalone/Unmanaged APs require the new AP device certificate for HTTPS communication to continue to function without an "untrusted certificate" warning appearing.

For affected standalone APs it is safe to click through any untrusted certificate warning that may appear. A standalone AP device certificate will be made available in the near future to address this issue.