4-54
Configuring the RADIUS Server—Integrated with ProCurve Identity Driven Manager
Manage Digital Certificates for RADIUS
4. Enter this command to generate the certificate request:

   Syntax: openssl req -new -config openssl.cnf -extensions radsrv_req -newkey [rsa | dsa]:[512 | 1024 | 2048 | 4096] -nodes -keyout <key_filename> -out <request_filename> {-outform [DER | PEM]}

   The -config option should specify the new configuration file that you created in step 2. (Make sure that you are in the correct directory.) Similarly, the -extensions option specifies the bracketed name for the extensions that you added to that file.

   The -newkey option generates a private/public keypair for this certificate. Choose rsa or dsa for the algorithm and then choose the key length (4096 is not a valid option for dsa).

   The private key for the certificate is saved with the name you enter for <key_filename>. The certificate request is saved with the name you enter for <request_filename>. You can choose the format (DER or PEM) for the request (default: PEM).

   The -nodes option in the command above creates the private key without password protection. For greater security, omit this option when you enter the command. You will then be prompted to enter the password. In step 12 on page 4-56, you will edit the /etc/raddb/eap.conf file and specify this password.

   For example:

   ProCurve NAC 800:/etc/raddb/certs# openssl req -new -config openssl.cnf -extensions radsrv_req -newkey rsa:1024 -nodes -keyout mykey.pem -out myrequest.req

5. You will be prompted to enter information about the NAC 800. When prompted for the Common Name (CN), enter the NAC 800’s FQDN.

6. Transfer the certificate request to a Secure Copy (SCP) server.

   If you have installed PuTTY SCP (PSCP) on your management station, you can follow these steps:

   a. Access the command prompt on your management station and move to the directory in which PSCP is installed.

   b. Enter this command:

      Syntax: pscp root@<NAC 800 IP address>://etc/raddb/certs/<request_filename> <path\filename>

      Transfers the request off the NAC 800. Replace <request_filename> with the name you specified in step 4 on page 4-54. The request is saved on the station with the name that you specify for <path\filename>.
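The -nodes option described in step 4 leaves the private key unencrypted on disk. The shell functions below are an added example, not part of the ProCurve guide: they report whether a PEM private key is password-protected and whether anyone other than its owner can access it. The function names, sample file names and file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the ProCurve guide): audit PEM private keys.

# key_protection FILE: prints "encrypted", "unencrypted" or "not-a-key".
key_protection() {
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted        # PKCS#8 encrypted container
    elif grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then
        # Traditional PEM marks encryption with a Proc-Type header line.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
            echo encrypted
        else
            echo unencrypted  # what "openssl req ... -nodes" writes
        fi
    else
        echo not-a-key
    fi
}

# key_perms_ok FILE: succeeds only if group and other have no access.
key_perms_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_key FILE: one-line verdict combining both checks.
audit_key() {
    state=$(key_protection "$1")
    if key_perms_ok "$1"; then perms="owner-only"; else perms="group/other access"; fi
    echo "$1: $state, $perms"
}

# Constructed sample files: PEM framing only, placeholder body, no key material.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER' \
    '-----END RSA PRIVATE KEY-----' > "$demo/nodes.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'PLACEHOLDER' \
    '-----END RSA PRIVATE KEY-----' > "$demo/protected.pem"
chmod 644 "$demo/nodes.pem"
chmod 600 "$demo/protected.pem"
for f in "$demo"/*.pem; do audit_key "$f"; done
```

On the NAC 800, the file to check is the one named with -keyout, for instance audit_key /etc/raddb/certs/mykey.pem for the example command in step 4.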
Source: ProCurve Network Access Controller 800 Configuration Guide, April 2008 (www.procurve.com).