FAQ: Ruckus AP Device Certificate Refresh

Summary

Device certificates on Ruckus APs manufactured prior to January 2016 may require a certificate refresh prior to November 2016 to avoid service interruption.

Question

FAQ: Ruckus AP Device Certificate Refresh

Customer Environment

Certain Ruckus APs manufactured before January 2016.

Root Cause

Ruckus original Device certificates expire on November 2016, and if not refreshed, can interupt service communications between APs and SmartZone controllers.

Troubleshooting Steps

SmartZone 3.0.5, 3.1.2, 3.2.1 and ZD 9.13 include the ability to identify and notify admin that APs need Certificate Refresh.

Workaround

AP certificate check can be disabled on SmartZone controllers, but is only suggested in order to add APs with expired certificates after Nov 27, 2016,
when the AP certificates should be refreshed following the procedures in this article, and AP cert-check re-enabled.

ZoneDirector 9.13+ can identify APs in need of certificate refresh, but the APs must/can only be updated via SmarrtZone 3.0.5, 3.1.2, 3.2.1, 3.4+ controllers.

Resolution

View the attached FAQ document describing affected devices and the impact of AP certificate refresh.

A summary of the steps to update AP certificates, from SZ Administration/AP Certificate Refresh page.

1.  Export AP Certificate Replacement Request (.req) file (NO parentheses or other special characters)
2.  Navigate to https://certrenewal.ruckuswireless.com/ , provide return email address and Upload .req export file
4.  Email recipient will receive the AP certificate Response (.res) file to Import
5.  For further information, please refer to https://support.ruckuswireless.com/certificate

NOTE: The AP Response file must not contain any parentheses or special characters.
If Browser does not warn if previous copy of file exists, but adds (1),(2),etc to filenames,
remove these characters before submitting the .req files.

User-added image

NOTE: Depending on number of APs, uploading new Certs may take some time to finish (up to several hours).

Administrators are strongly encouraged to upgrade controllers to a version with Certificate Refresh capability.

Unless updated, after Nov 27th 2016, APs with datecode Serial Numbers prior to those shown in the table below
will require that the certificate check be temporarily disabled on the SmartZone controller in order for the APs to join.
Additionally, any APs with datecodes prior to 2016 may require a certificate refresh (accomplished via the certificate
refresh feature available in SmartZone controllers).

3516xxxxxxxx     - R510, R710, T710
3616xxxxxxxx     - H510
3916xxxxxxxx     - R500, R600, T300, T301
4116xxxxxxxx     - 7372, 7372e, 7782, H500, R300, R310, R700

ZoneDirector 9.13+ has the ability to identify and report an AP certificate status, but AP/ZD communications do not
require certificate check in order for APs to join or receive updates.  ZDs can help identify APs for certificate refresh,
for customers who are or might be planning to migrate from ZoneDirector to SmartZone controller management in the
future.

Related Article: KBA-6099: Ruckus Certificate Replacement Flowchart



 

Attachment

CertReplacementFAQ-RevC-20161013.pdf
application/pdf
Download
(89.4 KB)

Related Articles

KBA-6099: Ruckus AP Certificate Replacement Flowchart

Article Number:
000005390

Updated:
November 28, 2016 02:13 PM (12 months ago)

Answer Attachment
Download
(89.4 KB)

Tags:
Configuration, Firmware, System Network Management, Known Issues and Workarounds, Registration, ZoneDirector, ZoneFlex Indoor, ZoneFlex Outdoor, SmartCell Gateway, SmartCell AP, virtual SmartCell Gateway, SZ100

Votes:
3

This article is:
helpful
not helpful

Working...Please wait

This is here to prevent you from accidentally submitting twice.

The page will automatically refresh.