Certificates - UPAM

The RADIUS Certificates screen displays information about all RADIUS Server and RadSec Certificates. Use this screen to add, download, and delete the following UPAM RADIUS Server certificates:

RADIUS Server Certificate - Used to establish a secure connection with a network device for 802.1X or TLS authentication.
RadSec Cretificate - Used to establish a secure connection between UPAM and an external RADIUS server that uses RadSec (RADIUS-over-TLS). UPAM acts as a RadSec client when communicating with the RadSec server (see the External RADIUS Server online help for more information).

To manage RADIUS certificates, click on Network Access > UPAM-NAC > Certificates under the “Configure” section of the OmniVista Cirrus Menu.

The Certificates screen provides a separate tab for each of the two types of certificates. Click on the desired tab to view existing certificates and/or add new ones.

Adding a Certificate

Click on one of the two tabs shown to select which certificate you want to create and upload.

Adding a RADIUS Server Certificate

A default certificate (“Default RADIUS Certificate”) is made available at the time the Organization is created. However, it is strongly recommended that you install custom certificates.

To add a custom certificate, select the RADIUS Server Certificate tab on the Certificates screen, then click on Add Certificate to open the following screen to define the certificate information:

Complete the fields as described below, then click on Add Certificate.

Name - Enter a name to identify the certificate.
CA Files - Click on Browse to locate and import the RADIUS Server's CA Certificate (PEM or DER encoded certificates only).
Server Certificate File - Click on Browse to locate and import the Certificate File (PEM or DER encoded certificates only).
Server Private Key File - Click on Browse to locate and import the Certificate Private Key File.
Private Key Password - Enter a Private Key Password to encrypt the key file when generating the CA File.
Confirm Private Key Password - Re-enter the Private Key password.

If necessary, you can generate a new RADIUS Server Certificate.

Adding a RadSec Certificate

Select the RadSec Certificate tab on the Certificates screen, then click on Add Certificate to open the following screen to define the certificate information:

Complete the fields as described below, then click on Add Certificate.

Name - Enter a name to identify the certificate.
CA Files - Click on Browse to locate and import the RADIUS Server's CA Certificate (PEM or DER encoded certificates only).
Client Certificate File - Click on Browse to locate and import the Certificate File (PEM or DER encoded certificates only).
Client Private Key File - Click on Browse to locate and import the Certificate Private Key File.
Private Key Password - Enter a Private Key Password to encrypt the key file when generating the CA File.
Confirm Private Key Password - Re-enter the Private Key password.

Downloading a Certificate

You can download a certificate from the RADIUS Server Certificates List or from the RadSec Certificates List to your machine. Select the certificate in the list and click on the download icon under the “Actions” column.

The certificate will be downloaded to your designated Download folder.

Deleting a Certificate

Select a certificate in the RADIUS Server Certificates List or in the RadSec Certificates List and click on the Delete icon under the “Actions” column.

Click Delete at the Confirmation Prompt. Note that you cannot delete an active (“being used”) certificate. You must first activate a different certificate before you can delete it.

Generating a RADIUS Server Certificate

To display instructions on how to create a RADIUS Server Certificate, click on the How to generate a RADIUS Server Certificate link on the RADIUS Server Certificate Information screen.

The following instructions are displayed:

Follow these instructions to generate a RADIUS Server Certificate.

Certificate List

The RADIUS Server Certificate List displays the following information for each certificate:

Name - Identifier for the certificate in UPAM.
Created At - The date and time the certificate was added.
CA File Name - The name of the uploaded CA Certificate file.
Server Certificate File - The name of certificate file in the RADIUS server. The Server File contains the contents of the Sever Certificate file and the Server Key file.
Server Private Key File - The name of the Server Key file.
Type - The type of certificate file stored in the RADIUS server (RADIUS certificate or RadSec Client).
Usage Status - Indicates whether the certificate is “Being Used” or “Not Used” in the RADIUS server.
Validity Start Time - The start date and time when the certificate is valid.
Validity End Time - The date and time after which the certificate is no longer valid.
Issued By - The certification authority (CA) that issued the certificate.
Issued To - The entity to which the certificate is assigned.

The RadSec Certificate List displays the following information for each certificate:

Name - Identifier for the certificate in UPAM.
Created At - The date and time the certificate was added.
Validity Start Time - The start date and time when the certificate is valid.
Validity End Time - The date and time after which the certificate is no longer valid.
Usage Status - Indicates whether the certificate is “Being Used” or “Not Used” in the RADIUS server.
Issued By - The certification authority (CA) that issued the certificate.
Issued To - The entity to which the certificate is assigned.
CA File Name - The name of the uploaded CA Certificate file.
Client Certificate File - The name of certificate file in the RADIUS server. The Server File contains the contents of the Sever Certificate file and the Server Key file.
Client Private Key File - The name of the Server Key file.
Type - The type of certificate file stored in the RADIUS server (RADIUS certificate or RadSec Client).