Configuring the RADIUS Server—Without Identity Driven Manager
Manage Digital Certificates for RADIUS
The following authentication methods use mutual authentication, which
means that the RADIUS server (in your case, the NAC 800 CS or ES) identifies
itself to endpoints with a digital certificate:
■ EAP-TLS
■ EAP-TTLS
■ PEAP
At its factory default settings, the NAC 800 authenticates as a RADIUS server
with a self-signed digital certificate. However, this certificate is not intended
for an enterprise environment. It identifies the NAC 800 as follows:
■ subject=/C=CA/ST=Province/L=Some City/O=Organization/OU=localhost/CN=Root certificate/[email protected]
■ issuer=/C=CA/ST=Province/L=Some City/O=Organization/OU=localhost/CN=Client certificate/[email protected]
You should load one of the following certificates on your NAC 800:
■ A self-signed certificate that specifies the NAC 800’s FQDN as its common
  name (CN)
■ A certificate that specifies the NAC 800’s FQDN as its CN and is signed by
  a trusted CA
In either case, the certificate must allow the NAC 800 to use it for both client
and server authentication. That is, the certificate’s extended key usage
extension should list “TLS Web Server Authentication” and “TLS Web Client
Authentication.”
Follow these steps to set up certificates for RADIUS services:
1. If you plan to use a CA-signed certificate, install the CA root certificate on
   the NAC 800.
2. Obtain a server certificate and install it on the NAC 800. You must specify
   the certificate and private key locations in the /etc/raddb/eap.conf file.
   As mentioned above, you can create a self-signed certificate or obtain a
   certificate from a CA.
The following sections explain how to complete these tasks. The final sections
of this chapter give you some guidelines on setting up certificates on
endpoints.
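The requirements listed above (FQDN as the CN, both extended key usages, a private key that matches the certificate) can be checked with OpenSSL before the files are referenced in /etc/raddb/eap.conf. The script below is an added example, not taken from the configuration guide; the host name nac800.example.com, the file names and the function names are placeholders, and it assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example. nac800.example.com and all file names are placeholders.

# make_selfsigned FQDN KEYFILE CERTFILE (needs OpenSSL 1.1.1+ for -addext)
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$1" \
        -addext "extendedKeyUsage=serverAuth,clientAuth" \
        -keyout "$2" -out "$3" 2>/dev/null
}

# check_radius_cert CERTFILE FQDN [KEYFILE]
# Returns 0 when the CN equals FQDN, both extended key usages are present
# and (if KEYFILE is given) the private key belongs to the certificate.
check_radius_cert() {
    cert=$1 fqdn=$2 key=${3:-} rc=0
    text=$(openssl x509 -in "$cert" -noout -text) || return 2
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p')
    [ "$cn" = "$fqdn" ] || { echo "FAIL: CN '$cn' is not '$fqdn'"; rc=1; }
    for eku in "TLS Web Server Authentication" "TLS Web Client Authentication"
    do
        printf '%s\n' "$text" | grep -q "$eku" ||
            { echo "FAIL: missing extended key usage: $eku"; rc=1; }
    done
    if [ -n "$key" ]; then
        # Compare the public key in the certificate with the one derived
        # from the private key.
        a=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
        b=$(openssl pkey -in "$key" -pubout | openssl sha256)
        [ "$a" = "$b" ] || { echo "FAIL: key does not match certificate"; rc=1; }
    fi
    return $rc
}

# Demo on a throwaway certificate created in a temporary directory.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_selfsigned nac800.example.com "$tmp/key.pem" "$tmp/cert.pem"
check_radius_cert "$tmp/cert.pem" nac800.example.com "$tmp/key.pem" &&
    echo "certificate meets the RADIUS requirements"
```

A certificate shaped like the factory default (CN "Root certificate", no extended key usage) fails all three checks against the NAC 800's FQDN.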
ProCurve Network Access Controller 800 Configuration Guide, April 2008, 1 0 30398
Copyright 2007, 2008 Hewlett-Packard Development Company, L.P. April 2008. Manual Part Number 5991 8618