Complete prerequisites
Orion uses RadSec (RADIUS over TLS) to identify you as a supplier, and to secure our communications with your network.
Depending on the type of Wi-Fi access point that you are using, you may need to follow one or more of the following steps. For AP-specific guides, see Configure Wi-Fi APs for Orion.
Download your RadSec Certificates
On the Orion Supplier portal, go to the RadSec Certficates tab.
Click on Download Orion Certificate, then Generate Client Certificate Bundle:
A file named radsec.zip should download.
You can follow these steps at any time to download a fresh certificate bundle. Downloading a new bundle will not deactivate previously-downloaded certificate bundles.
Deploy & Configure Radsec Proxy (if needed)
Check your wireless LAN equipment documentation for RadSec (RADIUS over TLS) support.
If your wireless LAN controller does not support RadSec, you’ll need to deploy Orion Radsecproxy inside your environment before configuring your wireless LAN.
Follow the instructions in the Orion Radsecproxy README to deploy the Radsecproxy if needed.
Upload your RadSec CA certificate (less common)
Some Wi-Fi access points (namely Cisco Meraki), require you to upload their internally-generated CA certificate to Orion.
On the Orion Supplier portal, go to the RadSec Certificates tab. Click on Download Orion Certificate, then Download Root CA Certificate:
A file named [filename] should download. You will need to upload it to the access point's platform.
Additionally, once you have downloaded the access point's CA Certificate, you need to upload it to Orion. On the Orion Supplier portal, go to the RadSec Certficates tab. Click on Upload CA Certificate, then select your file. (Note: only .pem files are supported.) Add a description to remind you of the certificate in the future, then click Confirm.
Managing RadSec Certificates
Edit
To edit the Description of a certificate in Orion, click the three vertical dots on the right side of the row, then click "Edit":
Download
Only CA certificates that have been uploaded to Orion can be re-downloaded. Previously-generated Orion client certificates cannot be re-downloaded.
To download a CA certificate that was previously uploaded to Orion, click the three vertical dots on the right side of the row, then click "Download".
Delete
Orion allows for a maximum of 50 client certificates downloaded from Orion and 50 CA certificates uploaded to Orion. If you have reached one of these limits, you will need to delete one or more certificates before you can download new client certificates or upload new CA certificates, respectively.
To delete a certificate, click the three vertical dots on the right side of the row, then click "Delete":
Confirm that you have selected the correct certificate for deletion. Then, type "delete certificate" and click "Delete RadSec Certificate":
Request the Orion Network Verification app
After deploying Orion to your Wi-Fi infrastructure, you will need to use the Orion Network Verification app to confirm that it is working as intended. Request access to the app before deploying Orion Wi-Fi.