Certificate Manager considerations

The certificate manager considerations for RadSec implementation are:
  • RadSec requires a mutually authenticated TLS connection for communication between the switch and RADIUS server.

  • For TLS connections, you require:
    • Certificates with usage radsec-client or all or

    • Switch default certificate, IDEVID.

  • The switch must have a CA certificate that issued the RadSec server certificate. The RadSec server must have a CA certificate that issued the switch RadSec application certificate.

  • EST enrolment is supported for RadSec certificates. For more information, see the Access Security Guide of your switch.