Generating a Certificate

You can create certificates to establish secure communication and verify the identity of entities in your network.

A Certificate Template must already exist prior to starting this procedure. Refer to Adding a Certificate Template for instructions
Complete the following steps to generate a certificate:
  1. From the navigation bar, select Network Control > Policies & Profiles.
    The Policies & Profiles page is displayed.
    Viewing the Policies & Profiles Page
    .
  2. In the Policies & Profiles page, click Certificate Template.
    The Certificate Template page is displayed. By default, the Certificate tab is displayed.
    Viewing Certificate Templates
    The Certificate page displays the following information:
    • Common name: Displays common name of the certificate holder.
    • Status: Displays the status of the certificate: Valid, Revoked, or Expired.
    • Expiration Date: Displays the expiration date.
    • CA Name: Displays the name of the certification authority.
    • Template: Displays the name of the certificate template.
    • Revocation Date: Displays the revocation date.
    • Identity: Displays the identity.
    • Issued by: Displays information on the Issuer.
    • Timestamp: Displays the time stamp.
    • Serial Number: Displays the serial number.
    • Thumbprint: Displays the thumb print.
    • Email: Displays the email address of the organization.
  3. On the upper-right corner, click Generate Certificate.
    The Generate Certificate page is displayed.
    Generating Certificate
  4. In the Generate Certificate page, complete the following:
    • Certificate Template: Select a certificate template from the drop-down.
    • Identity: Select an identity from the drop-down. Alternatively, click Add to access the Create Identity sidebar and create an identity. For more information on creating an identity, refer to:
    • CSR Source: Select one of the following from the drop-down:
      • Auto-generate CSR
      • Copy & Paste CSR
    • USERNAME: Enter a username.
    • Description: Enter a description.
  5. Click Generate.
    The certificate is generated.
  6. (Optional) In the Certificate page, click a name.
    The Certificate Details sidebar is displayed.
    Viewing Certificate Details
    The Certificate Details sidebar displays the following options:
    • Certificate Information: Displays certificate details.
    • Download: Downloads the certificate.
    • Usage: Displays the usage information.
    For Android mobile devices, configure the domain suffix setting shown in th following table.
    Setting Name Value (Fixed Descriptions
    Domain Suffix Match ruckus.cloud

    This setting validates the certificate of the EAP Server by its DNS name. The value you enter must match a dNSName element of the certificate’s subjectAltName extension. Values are compared one domain part at a time, starting from the top-level domain. You can enter multiple values separated by semicolons. The certificate is valid if at least one value matches. You cannot use wildcards. For example: example.com matches server.example.com but not server-example.com.

    This Domain Suffix Match setting is only available for EAP connections.

    The domain name is used to validate the server certificate, which is the certificate from FreeRADIUS. Therefore, it is not used for the certificate template or the client certificate.