Hybrid Model Support for Remote AP Terminating on a VMC

The hybrid model of deploying Remote APs addresses the following issues:

  • Self-signed certificates used by the VMC has a 10-year validity, which does not cater to users who do not prefer using self-signed certs with more than 1-year validity.
  • Users are unable to move Remote APs from one VMC to another as the two VMCs use different self-signed certs, due to which RAPs fail to establish a tunnel with new VMC.

In the hybrid model these issues are mitigated by deploying the following implementation:

  • Remote APs will use factory certificates.
  • VMCs will use custom certificates.

Prerequisites

Moving a Remote AP

Use the following steps to move a Remote AP from one VMC to another in the Hybrid model:

  1. Load the custom CA Certificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate. of VMC2 on VMC1.
  2. Move the Remote AP from VMC1 to VMC2 by pushing the custom CA Certificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate. of VMC2.