Replace a RADIUS Server Certificate
A RADIUS server certificate is presented to a RADIUS client by RSA RADIUS so that the client can verify the identity of the RADIUS server. You can use the Operations Console to replace the existing server certificate of a RADIUS Server with a different certificate. For example, you might prefer to assign a certificate that has your organization as its trusted root signer. RSA RADIUS does not replicate the server certificate. You must access each RADIUS server directly and perform the following procedure.
Note: The RADIUS server certificate and trusted root certificate used by the RADIUS server must be based upon the RSA algorithm.
Before you begin
You must be a Super Admin.
Make sure you have a keystore (.pfx) file that contains the new server certificate and the associated private key. This file should be in PKCS #12 file format and contain the replacement certificate and private key only. If the keystore contains more than one certificate, the wrong certificate may be used as the replacement server certificate.
Add a trusted root certificate to the system. Add the certificate used to sign the replacement server certificate. The signing certificate must be in DER format and have a .der extension. If the replacement certificate is self-signed, you do not need to add the signing certificate.For more information, see Add a Trusted Root Certificate .
Procedure
On the primary instance Operations Console, click Deployment Configuration > RADIUS Servers.
If prompted, enter your Security Console User ID and password, and click OK.
Click the RADIUS server whose certificate you want to replace, and select Manage EAP Certificates from the context menu.
In the Manage EAP Certificates page, click the Server Certificate tab.
Under Replace Server Certificate, click Browse to locate the keystore file containing the replacement certificate and associated private key.
You must select a keystore that is in PKCS #12 certificate store format, with a .pfx suffix.
Enter the password for the keystore file containing the replacement certificate in the Keystore Password field.
Click Save & Restart RADIUS Server.
The RADIUS server must restart for the change to take effect.
Repeat this procedure for each RSA RADIUS server in the deployment.
Related Articles
How to replace an existing token in RSA Authentication Manager 8.x with a specific token in custom mode, and NOT with the … Number of Views Replace a Token for a User in the User Dashboard Number of Views Restart a RADIUS Server Number of Views Replace a Token for a User Number of Views Add a Trusted Root Certificate Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records RSA Release Notes for RSA Authentication Manager 8.8 RSA Authentication Manager 8.9 Release Notes (January 2026) Download RSA SecurID Access Cloud User Event audit logs using Cloud Administration REST API CLU RSA SecurID Software Token 5.0.2 for Windows Desktop displays message after reboot due to roaming profile: No token stor…
