Add a Trusted Root Certificate

A trusted root certificate is used by a RADIUS server to verify the identity of a RADIUS client. Use the Operations Console to add trusted root certificates for RSA RADIUS. By default, RSA RADIUS contains no trusted root certificates. You can add as many certificates as you need. You need to add a trusted root certificate on the primary instance only. RSA Authentication Manager replicates trusted root certificates to all RSA RADIUS servers in the deployment.

Note: The RADIUS server certificate and trusted root certificate used by the RADIUS server must be based upon the RSA algorithm.

Before you begin

  • You must be a Super Admin.

  • Verify that the certificate meets the following requirements:

    • certificate is in DER format.

    • certificate file has a .der extension.


  1. Log on to the Operations Console on the Authentication Manager primary instance.

  2. Click Deployment Configuration > RADIUS Servers.

  3. If prompted, enter your Super Admin User ID and password.

  4. Select the RADIUS server on the Authentication Manager primary instance, and click Manage EAP Certificates from the context menu.

  5. In the Manage EAP Certificates page, click the Trusted Root Certificates tab.

  6. Click Browse to locate and select the certificate that you want to add.

  7. Click Add to add the certificate to the server.

  8. When you are finished adding trusted root certificates, click Done.