Background

• The UAM SSL key and certificate is located on the Access Points controlled by MESHdesk and APdesk.
• This certificate are used by CoovaChilli to encrypt the Ajax calls between your browser and CoovaChilli.
• It expired on 5November 2023.
• We updated the Git repository with a new version.
• These instructions should be used to patch any existing Access Points which use the certificate during the login process of CoovaChilli.
• The instructions will contain two parts.
  1. Host the new key and cert files on the server running RADIUSdesk
  2. Do remote command execution on the Access Points to patch them with the new key and cert files.

Host the new files

• Connect to the server running RADIUSdesk using SSH
• Check out the latest openwrt-meshdesk code

#Do this in a temporary workspace
mkdir temp_cert
cd temp_cert
git clone https://github.com/RADIUSdesk/openwrt-meshdesk.git openwrt-meshdesk

• Create a directory where Nginx can serve the new cert and key files from and copy them to that directory.

sudo mkdir -p /var/www/html/certs
sudo cp ./openwrt-meshdesk/MESHdesk/files/MESHdesk/captive_portals/cert.pem /var/www/html/certs
sudo cp ./openwrt-meshdesk/MESHdesk/files/MESHdesk/captive_portals/key.pem /var/www/html/certs

Remote command Execution (Patch)

• Select the Access Point you want to patch
• Click on the Execute button to execute a command.
• Select Execute Command from the radio button.
• Enter the following (while adapting it to your server setup)
• This means you have to substitute cloud.radiusdesk.com with the FQDN of your RADIUSdesk server.

cd /etc/MESHdesk/captive_portals/ ; rm key.pem ; rm cert.pem ; wget http://cloud.radiusdesk.com/certs/key.pem; wget http://cloud.radiusdesk.com/certs/cert.pem 

• Sent the Access Point a reboot instruction to activate the new key and certificate.
• Test to see if the error is gone.