User's Manual
128 | Onboard Dell Networking W-ClearPass Guest 6.4 | User Guide
The file should be a base-64 encoded (PEM format) PKCS#10 certificate signing request.
Specifying Certificate Properties
On the Certificate Signing Request form, select the type of certificate from the Certificate Type drop-
down list. Choose from one of the following options:
l TLS Client Certificate – Use this option when the certificate is to be issued to a client, such as a user or a
user’s device.
n When this option is selected, the issued certificate’s extended key usage property will contain a value of
“Client Auth”, indicating that the certificate may be used to identify a client.
l Trusted Certificate—Use this option when the certificate is to be issued to a network server, such as a
Web server or as the EAP-TLS authentication server.
n When this option is selected, the issued certificate’s extended key usage property will contain a value of
“Server Auth”, indicating that the certificate may be used to identify a server. Trusted certificates include
the id-kp-eapOverLAN extended key usage.
l Certificate Authority – Use this option when the certificate is for an subordinate certificate authority.
n When this option is selected, the issued certificate will contain an extension identifying it as an
intermediate certificate authority, and the extended key usage property will contain the three values
“Client Auth”, “Server Auth” and “OCSP Signing”.
l Code Signing—Use this option for signing the Windows provisioning application.
l TLS Server Certificate – Use this option when the certificate is to be issued to a network server, such as a
Web server or as the EAP-TLS authentication server.
n When this option is selected, the issued certificate’s extended key usage property will contain a value of
“Server Auth”, indicating that the certificate may be used to identify a server.
Mark the Issue this certificate immediately check box to automatically issue the certificate.
Click the Submit Certificate Signing Request button to save your changes.
l If the “Issue this certificate immediately” check box is marked, the certificate will be issued immediately and
will be displayed in the Certificate Management list view.
l If the “Issue this certificate immediately” check box is not marked, the certificate request will be displayed in
the Certificate Management list view. The certificate can then be issued or rejected at a later time.
The Trust Chain and Uploading Certificates for the CA
The Certificate Authority Trust Chain page is used to view the certificate authority’s current trust chain, or to
upload a new certificate in the trust chain when configuring a certificate authority.
To view the Certificate Authority’s trust chain, go to Onboard > Certificate Authorities and click the Trust
Chain link for a certificate. The Certificate Authority Trust Chain page opens. This page shows a graphical
representation of the certificates that make up the trust chain.