Skip to main content
Skip table of contents

Certificates - UPAM

The RADIUS Certificates screen displays information about all RADIUS Server, RadSec Server and LDAP Certificates. Use this screen to add, download, and delete the following UPAM RADIUS Server certificates:

  • RADIUS Server Certificate - Used to establish a secure connection with a network device for 802.1X or TLS authentication.

  • RadSec Cretificate - Used to establish a secure connection between UPAM and an external RADIUS server that uses RadSec (RADIUS-over-TLS). UPAM acts as a RadSec client when communicating with the RadSec server (see the External RADIUS Server online help for more information).

  • LDAP Certificate - An LDAP certificate is a digital credential that establishes a trusted, encrypted connection between the system and an LDAP (Lightweight Directory Access Protocol) server. It ensures data exchanged during authentication and directory access stays secure from unauthorized interception.

To manage certificates, click on Network Access > UPAM-NAC > Certificates under the “Configure” section of the OmniVista Cirrus Menu.

UPAM certificates OVC 10.5.2-20260120-082346.png

The Certificates screen provides a separate tab for each of the three types of certificates. Click on the desired tab to view existing certificates and/or add new ones.

Adding a Certificate

Click on one of the two tabs shown to select which certificate you want to create and upload.

Adding a RADIUS Server Certificate

A default certificate (“Default RADIUS Certificate”) is made available at the time the Organization is created. However, it is strongly recommended that you install custom certificates.

To add a custom certificate, select the RADIUS Server Certificate tab on the Certificates screen, then click on Add Certificate to open the following screen to define the certificate information:

Complete the fields as described below, then click on Add Certificate.

  • Name - Enter a name to identify the certificate.

  • CA Files - Click on Browse to locate and import the RADIUS Server's CA Certificate (PEM or DER encoded certificates only).

  • Server Certificate File - Click on Browse to locate and import the Certificate File (PEM or DER encoded certificates only).

  • Server Private Key File - Click on Browse to locate and import the Certificate Private Key File.

  • Private Key Password - Enter a Private Key Password to encrypt the key file when generating the CA File.

  • Confirm Private Key Password - Re-enter the Private Key password.

If necessary, you can generate a new RADIUS Server Certificate.

Adding a RadSec Certificate

Select the RadSec Certificate tab on the Certificates screen, then click on Add Certificate to open the following screen to define the certificate information:

Complete the fields as described below, then click on Add Certificate.

  • Name - Enter a name to identify the certificate.

  • CA Files - Click on Browse to locate and import the RADIUS Server's CA Certificate (PEM or DER encoded certificates only).

  • Client Certificate File - Click on Browse to locate and import the Certificate File (PEM or DER encoded certificates only).

  • Client Private Key File - Click on Browse to locate and import the Certificate Private Key File.

  • Private Key Password - Enter a Private Key Password to encrypt the key file when generating the CA File.

  • Confirm Private Key Password - Re-enter the Private Key password.

Adding an LDAP Certificate

Select the LDAP Certificate tab on the Certificates screen, then click on Add Certificate to open the following screen to define the certificate information:

create LDAP certificate OVC 10.5.2-20260120-082707.png

Complete the fields as described below, then click on Create.

  • Name - Enter a name to identify the certificate.

  • CA Files - The name of the CA file uploaded. (Note: The certificate file only supports PEM or DER encoded certificates).

  • Server Certificate File - Enter the name of Server Certificate file.

  • Server Private Key File - Enter the name of Key File. (The certificate file only supports .key format).

  • Private Key Password - Enter the password to encrypt the key file.

  • Confirm Private Key Password - Re-enter the password to encrypt the key file.

Downloading a Certificate

You can download a certificate from the RADIUS Server Certificates List, the RadSec Certificates List or from LDAP Certificate List to your machine. Select the certificate in the list and click on the download icon under the “Actions” column.

The certificate will be downloaded to your designated Download folder.

Deleting a Certificate

Select a certificate in the RADIUS Server Certificates List, the RadSec Certificates List or in the LDAP Certificate List and click on the Delete icon under the “Actions” column.

Click Delete at the Confirmation Prompt. Note that you cannot delete an active (“being used”) certificate. You must first activate a different certificate before you can delete it.

If you delete an LDAP Certificate from the Certificate List, any LDAP server connections relying on that certificate will no longer be able to establish secure communication until a new valid certificate is configured.

Generating a RADIUS Server Certificate

To display instructions on how to create a RADIUS Server Certificate, click on the How to generate a RADIUS Server Certificate link on the RADIUS Server Certificate Information screen.

The following instructions are displayed:

Follow these instructions to generate a RADIUS Server Certificate.

Certificate List

The RADIUS Server Certificate List displays the following information for each certificate:

  • Name - Identifier for the certificate in UPAM.

  • Created At - The date and time the certificate was added.

  • CA File Name - The name of the uploaded CA Certificate file.

  • Server Certificate File - The name of certificate file in the RADIUS server. The Server File contains the contents of the Sever Certificate file and the Server Key file.

  • Server Private Key File - The name of the Server Key file.

  • Type - The type of certificate file stored in the RADIUS server (RADIUS certificate or RadSec Client).

  • Usage Status - Indicates whether the certificate is “Being Used” or “Not Used” in the RADIUS server.

  • Validity Start Time - The start date and time when the certificate is valid.

  • Validity End Time -  The date and time after which the certificate is no longer valid.

  • Issued By - The certification authority (CA) that issued the certificate.

  • Issued To - The entity to which the certificate is assigned.

The RadSec Certificate List displays the following information for each certificate:

  • Name - Identifier for the certificate in UPAM.

  • Created At - The date and time the certificate was added.

  • Validity Start Time - The start date and time when the certificate is valid.

  • Validity End Time -  The date and time after which the certificate is no longer valid.

  • Usage Status - Indicates whether the certificate is “Being Used” or “Not Used” in the RADIUS server.

  • Issued By - The certification authority (CA) that issued the certificate.

  • Issued To - The entity to which the certificate is assigned.

  • CA File Name - The name of the uploaded CA Certificate file.

  • Client Certificate File - The name of certificate file in the RADIUS server. The Server File contains the contents of the Sever Certificate file and the Server Key file.

  • Client Private Key File - The name of the Server Key file.

  • Type - The type of certificate file stored in the RADIUS server (RADIUS certificate or RadSec Client).

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close