User's Manual
124 | Onboard Dell Networking W-ClearPass Guest 6.4 | User Guide
To create a new certificate or certificate signing request:
In the Certificate Authority drop-down list, select the certificate authority that will be used to sign the
request.
In the Certificate Type drop-down list, select the type of certificate you want to create:
l TLS Client Certificate—Use this option when the certificate is to be issued to a client, such as a user or a
user’s device.
n When this option is selected, the issued certificate’s extended key usage property will contain a value of
“Client Auth”, indicating that the certificate may be used to identify a client.
n When you create a TLS Client certificate, corresponding entries are created in the Onboard >
Management and Control >View by Device and Onboard > Management and Control >View
by Username lists.
l Trusted Certificate—Use this option when the certificate is to be issued to a network server, such as a
Web server or as the EAP-TLS authentication server.
n When this option is selected, the issued certificate’s extended key usage property will contain a value of
“Server Auth”, indicating that the certificate may be used to identify a server. Trusted certificates include
the id-kp-eapOverLAN extended key usage.
l Certificate Authority—Use this option when the certificate is for a subordinate certificate authority.
n When this option is selected, the issued certificate will contain an extension identifying it as an
intermediate certificate authority, and the extended key usage property will contain the three values
“Client Auth”, “Server Auth” and “OCSP Signing”.
l Code Signing—Use this option for signing the Windows provisioning application.
Specifying the Identity of the Certificate Subject
In the first part of the Certificate Request Settings form, provide the identity of the person or device for which
the certificate is to be issued (the “subject” of the certificate). Together, these fields are collectively known as a
distinguished name, or “DN”:
l Country