Replace a RADIUS Server Certificate
A RADIUS server certificate is presented to a RADIUS client by RSA RADIUS so that the client can verify the identity of the RADIUS server. You can use the Operations Console to replace the existing server certificate of a RADIUS Server with a different certificate. For example, you might prefer to assign a certificate that has your organization as its trusted root signer. RSA RADIUS does not replicate the server certificate. You must access each RADIUS server directly and perform the following procedure.
Note: The RADIUS server certificate and trusted root certificate used by the RADIUS server must be based upon the RSA algorithm.
Before you begin
You must be a Super Admin.
Make sure you have a keystore (.pfx) file that contains the new server certificate and the associated private key. This file should be in PKCS #12 file format and contain the replacement certificate and private key only. If the keystore contains more than one certificate, the wrong certificate may be used as the replacement server certificate.
Add a trusted root certificate to the system. Add the certificate used to sign the replacement server certificate. The signing certificate must be in DER format and have a .der extension. If the replacement certificate is self-signed, you do not need to add the signing certificate.For more information, see Add a Trusted Root Certificate .
Procedure
On the primary instance Operations Console, click Deployment Configuration > RADIUS Servers.
If prompted, enter your Security Console User ID and password, and click OK.
Click the RADIUS server whose certificate you want to replace, and select Manage EAP Certificates from the context menu.
In the Manage EAP Certificates page, click the Server Certificate tab.
Under Replace Server Certificate, click Browse to locate the keystore file containing the replacement certificate and associated private key.
You must select a keystore that is in PKCS #12 certificate store format, with a .pfx suffix.
Enter the password for the keystore file containing the replacement certificate in the Keystore Password field.
Click Save & Restart RADIUS Server.
The RADIUS server must restart for the change to take effect.
Repeat this procedure for each RSA RADIUS server in the deployment.
Related Articles
View a RADIUS Server Certificate Number of Views Restart a RADIUS Server Number of Views FSM error message 'FSSVC-33056' when trying to add users Number of Views Authentication Manager Log Messages (20121-20180) Number of Views Trusted Certificate Authorities for HFED or Trusted Headers Applications Number of Views
Trending Articles
Connection fails to Cloud Authentication Service when connecting through a proxy server from RSA Authentication Manager to… Downloading RSA Authentication Manager license files or RSA Software token seed records Unable to login to RSA Authentication Manager Security Console as super admin RSA Authentication Manager 8.9 Release Notes (January 2026) How to manipulate imported RSA SecurID Software Token(s) on an iPhone or iPad device
