You can create certificates to establish secure communication and verify the identity of entities in your network.

1. From the navigation bar, select Network Control > Policies & Profiles.
   The Policies & Profiles page is displayed.

   

   .
2. In the Policies & Profiles page, click Certificate Template.
   The Certificate Template page is displayed. By default, the Certificate tab is displayed.

   

   The Certificate page displays the following information:

   • Common name: Displays common name of the certificate holder.
   • Status: Displays the status of the certificate: Valid, Revoked, or Expired.
   • Expiration Date: Displays the expiration date.
   • CA Name: Displays the name of the certification authority.
   • Template: Displays the name of the certificate template.
   • Revocation Date: Displays the revocation date.
   • Identity: Displays the identity.
   • Issued by: Displays information on the Issuer.
   • Timestamp: Displays the time stamp.
   • Serial Number: Displays the serial number.
   • Thumbprint: Displays the thumb print.
   • Email: Displays the email address of the organization.
3. On the upper-right corner, click Generate Certificate.
   The Generate Certificate page is displayed.

   

4. In the Generate Certificate page, complete the following:
   • Certificate Template: Select a certificate template from the drop-down.
   • Identity: Select an identity from the drop-down. Alternatively, click Add to access the Create Identity sidebar and create an identity. For more information on creating an identity, refer to:
   • CSR Source: Select one of the following from the drop-down:
     • Auto-generate CSR
     • Copy & Paste CSR
   • USERNAME: Enter a username.
   • Description: Enter a description.
5. Click Generate.
   The certificate is generated.
6. (Optional) In the Certificate page, click a name.
   The Certificate Details sidebar is displayed.

   

   The Certificate Details sidebar displays the following options:

   • Certificate Information: Displays certificate details.
   • Download: Downloads the certificate.
   • Usage: Displays the usage information.
   For Android mobile devices, configure the domain suffix setting shown in th following table.

   Setting Name	Value (Fixed	Descriptions
   Domain Suffix Match	ruckus.cloud	This setting validates the certificate of the EAP Server by its DNS name. The value you enter must match a dNSName element of the certificate’s subjectAltName extension. Values are compared one domain part at a time, starting from the top-level domain. You can enter multiple values separated by semicolons. The certificate is valid if at least one value matches. You cannot use wildcards. For example: example.com matches server.example.com but not server-example.com. This Domain Suffix Match setting is only available for EAP connections.

   The domain name is used to validate the server certificate, which is the certificate from FreeRADIUS. Therefore, it is not used for the certificate template or the client certificate.