Profile Overrides - Trustpoints

About this task

A RADIUS certificate links identity information with a public key enclosed in the certificate. A CA is a network authority that issues and manages security credentials and public keys for message encryption. The CA signs all digital certificates it issues with its own private key. The corresponding public key is contained within the certificate and is called a CA certificate.

To override a RADIUS Trustpoint configuration at the device level:

Procedure

  1. Go to Configuration → Devices → Device Overrides.

    The Device Overrides screen displays. This screen lists devices within the managed network.

  2. Select an access point.

    The selected access point's configuration menu displays.

  3. Expand Profile Overrides → Security and select Trustpoints.

    The trustpoints configuration screen displays.

    Click to expand in new window
    Trustpoints Configuration Screen
    GUID-9504C26D-459D-47F4-8B27-5C4A6187072E-low.png
  4. Set the following RADIUS Security certificate settings:

    RADIUS Certificate Authority

    Select Pending to use a certificate that is in the process of being created or is yet to be created. As such certificates will not be listed under the Stored drop-down, use this method instead. Using this option is not a guarantee that the trust point will work as intended if the trust point is not loaded on to the device. The trust point can be created later, however, it must be present on the device when the device is deployed.

    Select Stored to enable a drop-down menu where an existing certificate can be leveraged or use default-trustpoint. To leverage an existing certificate, click the Launch Manager button.

    RADIUS Server Certificate

    Select Pending radio button to use a certificate that is in the process of being created or is yet to be created. As such certificates will not be listed under the Stored drop-down, use this method instead. Using this option is not a guarantee that the trust point will work as intended if the trust point is not loaded on to the device. The trust point can be created later, however, it must be present on the device when the device is deployed.

    Select Stored to enable a drop-down menu where an existing certificate can be leveraged or use default-trustpoint. To leverage an existing certificate, click the Launch Manager button.

  5. In the HTTPS Trustpoints field, set the following parameters:

    HTTPS Trustpoint

    Select Pending to use a certificate that is in the process of being created or is yet to be created.

    Select Stored to enable a drop-down menu where an existing certificate/trustpoint can be used. where an existing certificate can be leveraged or use default-trustpoint. To leverage an existing certificate, click the Launch Manager button. For more information, see Certificate Management.

  6. Click OK to save the RADIUS Trustpoints configuration overrides.

    Click Reset to revert to the last saved configuration.