All communication between your network and Orion Wi-Fi is secured via RadSec (RADIUS over TLS). Orion Wi-Fi uses RadSec certificates to identify and authorize network suppliers. Suppliers have two options for client certificate management: download an Orion-generated client certificate, or upload their own Certificate Authority (CA) certificate for Orion Wi-Fi to trust.
Once you have completed the prerequisites to get started on Orion Wi-Fi, you can manage your RadSec certificates by going to your Orion Wi-Fi Supplier portal → RadSec Certificates.
Generating Client Certificates
In this scenario, you generate a RadSec Client Certificate Bundle from Orion Wi-Fi, then import the client certificate into your network infrastructure. Note: some OEMs such as Cisco Meraki will not let you install a client certificate in this manner. For those, see Uploading CA Certificates.
Click Download Orion Certificates > Generate Client Certificate Bundle.
A file named radsec.zip will download. This contains your unique Orion Wi-Fi client certificate as well as our CA certificate, which is used for our RadSec servers. Import both into your network infrastructure as explained in Configure Wi-Fi APs for Orion.
Uploading Supplier CA Certificates
If a supplier needs to generate their own RadSec client certificates, Orion Wi-Fi can accept that supplier's CA certificate. In this scenario, Orion Wi-Fi will trust any client certificate signed by the uploaded CA.
Click Upload CA Certificate. In the prompt that appears, select your CA certificate file.
Confirm the details are correct and click Upload.
You also need to trust Orion Wi-Fi's Root CA Certificates on your network infrastructure, as this CA is used to sign Orion Wi-Fi's RadSec server certificates.
Click Download Orion Certificates > Download Root CA Certificates.
A file named orionRootCaCerts.zip will download. Upload this CA to your network infrastructure as a trusted CA for RadSec server certificate signing. See Configure Wi-Fi APs for Orion for more details.
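Because Orion Wi-Fi trusts every client certificate signed by the CA you upload, it is worth checking the file before uploading it. The script below is an added example, not Orion tooling: it confirms the file is a CA certificate, that it is not about to expire, and that a client certificate you issued actually chains to it. The function names, file names, the 30-day default and the throwaway PKI it generates are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: sanity-check a supplier CA before uploading it.
# All names and the demo PKI below are constructed for illustration.

# check_radsec_ca CA_PEM CLIENT_PEM [MIN_DAYS]
# Returns 0 only if CA_PEM is a CA certificate, stays valid for MIN_DAYS
# more days, and CLIENT_PEM verifies against it as a TLS client cert.
check_radsec_ca() {
    ca=$1; client=$2; min_days=${3:-30}
    # basicConstraints must mark the certificate as a CA
    openssl x509 -in "$ca" -noout -text | grep -q 'CA:TRUE' || {
        echo "not a CA certificate: $ca" >&2; return 1; }
    # -checkend exits non-zero if the cert expires within N seconds
    openssl x509 -in "$ca" -noout -checkend $((min_days * 86400)) >/dev/null || {
        echo "CA expires within $min_days days: $ca" >&2; return 2; }
    # the client cert must chain to this CA and allow TLS client auth
    openssl verify -CAfile "$ca" -purpose sslclient "$client" >/dev/null 2>&1 || {
        echo "client cert does not verify against $ca" >&2; return 3; }
    return 0
}

# make_demo_pki DIR: throwaway CA, a client cert it signed, and an
# unrelated CA, so the check can be run offline (test data only).
make_demo_pki() {
    d=$1
    printf '[req]\ndistinguished_name=dn\nx509_extensions=v3_ca\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/req.cnf"
    printf 'extendedKeyUsage=clientAuth\n' > "$d/client.ext"
    for name in ca other; do
        openssl req -x509 -config "$d/req.cnf" -newkey rsa:2048 -nodes -days 365 \
            -subj "/CN=Demo $name CA" -keyout "$d/$name.key" -out "$d/$name.pem" 2>/dev/null || return 1
    done
    openssl req -config "$d/req.cnf" -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 90 -extfile "$d/client.ext" -out "$d/client.pem" 2>/dev/null
}

# Demo run against the constructed PKI
demo=$(mktemp -d) && make_demo_pki "$demo" &&
    check_radsec_ca "$demo/ca.pem" "$demo/client.pem" && echo "ca.pem: ok to upload"
rm -rf "$demo"
```

With real files, call `check_radsec_ca` on your own CA and one issued client certificate; a non-zero return code identifies which of the three checks failed.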
Managing RadSec Certificates
Edit
To edit the Description of a certificate in Orion, click the three vertical dots on the right side of the row, then click "Edit".
Download
Only CA certificates that have been uploaded to Orion can be re-downloaded. Previously-generated Orion client certificates cannot be re-downloaded.
To download a CA certificate that was previously uploaded to Orion, click the three vertical dots on the right side of the row, then click "Download".
Delete
Orion Wi-Fi allows for a maximum of 50 client certificates downloaded from Orion and 50 CA certificates uploaded to Orion. If you have reached one of these limits, you will need to delete one or more certificates before you can download new client certificates or upload new CA certificates, respectively.
To delete a certificate, click the three vertical dots on the right side of the row, then click "Delete".
Confirm that you have selected the correct certificate for deletion. Then, type "delete certificate" and click "Delete RadSec Certificate".