OmniVista supports a Local RadSec Certificate to provide a TLS-enabled connection between the RadSec Client (Stellar AP) and the RadSec Server (TLS-enabled RADIUS server). A certificate is built from four ingredients: CA, Client Certificate, Client Key, and Password for the Key. From OmniVista, an Admin user can push these certificates to the AP by selecting the Local RadSec option in the AP Group.
To create a Local RadSec Certificate in OmniVista, you must upload and import three ingredient files:
CA Certificate file: Supports only PEM or DER encoded certificates (e.g. .pem, .cer, .der, .crt) and multiple CAs with issuance order.
Client Certificate file: Supports only PEM or DER encoded certificates. However, OV will translate all acceptable formats to .crt format because the AP requires it.
Client Key file: Supports only a .key file.
You must also provide the Password for the Client Key.
Do not import multiple CAs without an issuance order. If you import multiple CAs without an issuance order, OmniVista only parses and applies the first one to the AP.
Keep the Client Certificate and the Client Key in two separate files. The Client Certificate file should not include the Client Key, because when OmniVista converts the certificate to CRT format, only the certificate part is converted and the private key part is ignored.
The CA Certificate file will be converted to CRT format and applied to the AP, but the content of the certificate part is not changed.
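A pre-upload check for the separate-files rule above, as an added example that is not part of OmniVista or its documentation: it reads the PEM block labels in each file, flags a private key inside a certificate file, and splits a combined file into certificate and key parts. The function names, the role names and the sample data are hypothetical, and it assumes the .key file is PEM-armored, which the page does not state.

```python
import re

# One PEM block: BEGIN line, base64 body, matching END line.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----\r?\n?", re.DOTALL)

def pem_blocks(data):
    """Return (label, block_bytes) for each PEM block, in file order."""
    return [(m.group(1).decode(), m.group(0)) for m in PEM_BLOCK.finditer(data)]

def is_key(label):
    return label.endswith("PRIVATE KEY")  # also RSA/EC/ENCRYPTED variants

def check_upload(role, data):
    """List problems with a file meant for the 'ca', 'client_cert' or 'client_key' slot."""
    labels = [label for label, _ in pem_blocks(data)]
    if not labels:
        # DER has no armor; a DER certificate starts with an ASN.1 SEQUENCE (0x30).
        if role != "client_key" and data[:1] == b"\x30":
            return []
        # Assumption: the .key file is PEM-armored (the page does not say).
        return ["no PEM block found"]
    has_key = any(is_key(label) for label in labels)
    has_cert = "CERTIFICATE" in labels
    problems = []
    if role == "client_key":
        if not has_key:
            problems.append("no private key block")
        if has_cert:
            problems.append("certificate found in key file")
    else:
        if not has_cert:
            problems.append("no CERTIFICATE block")
        if has_key:
            problems.append("private key in certificate file; keep it in a separate .key file")
    return problems

def split_combined(data):
    """Split a combined PEM into (certificates_only, keys_only) byte strings."""
    blocks = pem_blocks(data)
    certs = b"".join(block for label, block in blocks if label == "CERTIFICATE")
    keys = b"".join(block for label, block in blocks if is_key(label))
    return certs, keys

# Constructed sample: placeholder base64 bodies, not real certificate or key material.
CERT = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
KEY = (b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nUExBQ0VIT0xERVI=\n"
       b"-----END ENCRYPTED PRIVATE KEY-----\n")
if __name__ == "__main__":
    print(check_upload("client_cert", CERT + KEY))
```

The check looks only at block labels, so it does not validate the certificates themselves or the issuance order of a multi-CA file.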