Specifications
Chapter 10: General BSC Operational Settings
10-22
the server digital certificate). If you are using mutual authentication, mark the BSC
Client Certificate radio button for the PKCS#12 certificate.
4. Click Browse to enter the pathname where the certificate file resides on your local
computer in the Upload new certificate field.
5. Click Upload to upload the certificate file to the BSC from your computer.
The Installed Certificates list box now lists the name of the uploaded certificate, and
the contents of the certificate appear on the right side of the page.
Create/Modify
external
authentication
server
6. Now either create a new external authentication server or modify an existing one by
clicking the Authentication Servers tab on the User authentication page, and then
clicking the icon corresponding to the server you wish to modify.
See Chapter 6, "Authentication Using External Servers," for details.
7. On the create external authentication server page, do one of the following:
•
If you uploaded the trusted server certificate to the BSC
, select it from the Trusted
server certificate drop-down list. If a trusted server certificate is not required,
leave this field blank.
•
If you uploaded the trusted CA
, select the trusted CA in the Available CA
certificates list box, and then click the Add button to move it to the Trusted CA
certificates list box. If a trusted CA is not required, leave this field blank.
)
Note: You can also use the Del button to remove selected Trusted CA certificates
from the Trusted CA certificates box.
•
If you uploaded the BSC client certificate in PKCS#12 format (mutual
authentication)
, select the appropriate certificate from the BSC client certificate
drop-down list. If mutual authentication is not required, leave this field blank.
8. Finish configuring the external authentication server, and then click Save to store the
server settings.
Requesting and Installing an IPSec Authentication Certificate
Wireless clients setting up an IPSec tunnel to the BSC can use digital certificates to
authenticate the tunnel. When using digital certificates, the IPSec client presents the user's
certificate and the BSC presents its own certificate to perform mutual authentication.
To authenticate an IPSec tunnel, the BSC must have both a copy of the root CA (trusted
CA) who signed the client's certificate and its own IPSec authentication certificate to
present to the client.
To request and install a copy of the authentication certificate to present to IPSec clients for
mutual authentication:
1. Click the General tab in the administrator console, click the Certificates tab, and then
click the Generate link at the top of the page. The IPSec certificate signing request
generation page appears as shown in Figure 10-13.
2. Enter your geographic, organizational, and addressing information in the
appropriate fields on the IPSec certificate signing request generation page.
Note that entering a Company Name is optional.
3. Click Process to create the CSR, which is displayed on the right side of the page. The
CSR generated page appears as shown in Figure 10-14.
To delete a CSR and start over, click Delete CSR of the left side of the page.
4. In the scroll box containing the CSR text, highlight the entire text of the CSR and then
copy and paste it into the appropriate space on your certificate provider's CSR web
request form. Complete any remaining steps required by the certificate provider to
request the certificate.