Configuring the RADIUS Server—Without Identity Driven Manager
Manage Digital Certificates for RADIUS
Install a Server Certificate for RADIUS
You have a variety of options for obtaining and installing the server certificate
for RADIUS authentication. You can:
■ Create a self-signed certificate on the NAC 800.
■ Obtain and install a CA-signed certificate in one of these ways:
  • Create a private/public keypair and certificate request on the NAC 800
    and submit the request to your CA.
  • On the CA, request a certificate on behalf of the NAC 800. Make sure to
    save the associated private key so that you can load it to the NAC 800.
Create a Self-Signed Certificate
Follow these steps to create a self-signed certificate to be used for RADIUS
authentication:
1. Log in to the NAC 800 as root.
2. Configure the openssl application to issue self-signed certificates with the
   correct extensions for a RADIUS server. (See “Appendix B: Linux Commands”
   for vi commands.)
   a. Copy the default configuration file for openssl to a new location. You
      will make changes to the new file.
      ProCurve NAC 800:# cp /var/ssl/openssl.cnf /etc/raddb/certs/openssl.cnf
   b. Change to the directory that contains the new file:
      ProCurve NAC 800:# cd /etc/raddb/certs
   c. Open the new configuration file in vi to alter it:
      ProCurve NAC 800:/etc/raddb/certs# vi openssl.cnf
   d. Press [i] to enter Insert mode.
   e. Find the “[new_oids]” section. Add this text above it:
[radsrv]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth, serverAuth
   f. Press [Esc] to exit Insert mode.
   g. Save the changes and exit vi.
      :wq
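A check of the edit made in steps a through g, added here as an example and not taken from the guide: it parses openssl.cnf and confirms that the [radsrv] section carries the four extension directives listed in step e. The function names and the script name check_radsrv.sh are hypothetical, and it assumes sh, awk and grep are available where you run it.

```shell
#!/bin/sh
# Added example (not from the guide): confirm the [radsrv] edit in openssl.cnf.

# Print the directives inside [radsrv] as key=value, with comments and all
# whitespace stripped, so "[ radsrv ]" and "a = b, c" are matched as well.
radsrv_directives() {
    awk '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
        /^\[.*\]$/ { in_sec = ($0 == "[radsrv]"); next }
        in_sec && /=/ { print }
    ' "$1"
}

# Return 0 only if [radsrv] holds all four directives exactly as the guide
# lists them; name each missing one on stderr. A directive typed without the
# [radsrv] header lands in the preceding section and is reported as missing.
check_radsrv() {
    found=$(radsrv_directives "$1")
    rc=0
    for want in \
        "subjectKeyIdentifier=hash" \
        "authorityKeyIdentifier=keyid,issuer:always" \
        "keyUsage=digitalSignature,keyEncipherment" \
        "extendedKeyUsage=clientAuth,serverAuth"
    do
        if ! printf '%s\n' "$found" | grep -qxF -- "$want"; then
            echo "missing in [radsrv]: $want" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input: the relevant part of the file after step e.
sample_cnf() {
    cat <<'EOF'
oid_section = new_oids   # constructed sample, not the NAC 800 file
[radsrv]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth, serverAuth
[ new_oids ]
EOF
}

# Usage: sh check_radsrv.sh /etc/raddb/certs/openssl.cnf  (hypothetical script name)
if [ "$#" -gt 0 ]; then check_radsrv "$1" && echo "[radsrv] section OK"; fi
```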
Copyright 2007 2008 Hewlett Packard Development Company L P April 2008 Manual Part Number 5991 8618