Administrator Guide

224 | Onboard Dell Networking W-ClearPass Guest 6.6 | User Guide
Field / Description

Certificate Authority: (Required) Specifies the certificate authority (CA) used to sign profiles and messages (see "Creating a New Certificate Authority" on page 117). Options include:
  • Local Certificate Authority
  • SCEP-RA

Signer: (Required) Specifies the source to use for signing TLS client certificates. Options include:
  • Onboard Certificate Authority
  • Active Directory Certificate Services: The ADCS URL and ADCS Template rows are added to the form. ADCS can only be used with certificate-based authentication; it cannot be used with username/password authentication.

TLS Certificate Authority: (Required) Specifies the certificate authority (CA) used to sign TLS client certificates. Options include:
  • Local Certificate Authority
  • SCEP-RA

ADCS URL: (Required) If Active Directory Certificate Services was chosen in the Signer field, enter the URL of the ADCS server in the field. This URL should be the Web interface for ADCS, and is typically http://<server>/certsrv/.

ADCS Template: (Required) If Active Directory Certificate Services was chosen in the Signer field, enter the name of the template to use when requesting the certificate. If the name is not known, you can use the default name of "user".

Key Type: (Required) Specifies the type of private key to use when issuing a new certificate. Options include:
  • 1024-bit RSA created by server: Lower security.
  • 1024-bit RSA created by device: Lower security. Uses SCEP to provision the EAP-TLS certificate.
  • 2048-bit RSA created by server: Recommended for general use.
  • 2048-bit RSA created by device: Recommended for general use. Uses SCEP to provision the EAP-TLS certificate.
  • 4096-bit RSA created by server: Higher security.
  • X9.62/SECG curve over a 256-bit prime field - created by server
  • NIST/SECG curve over a 384-bit prime field - created by server
  See Note below this table.

Unique Device Credentials: (Required) If selected, includes the username as a prefix in the device's PEAP credentials.
Table 87: Provisioning Settings Form, General Tab, Identity Area
Note: Using a private key containing more bits will increase security, but will also increase the processing time required to create the certificate and authenticate the device. The additional processing required will also affect the battery life of a mobile device. It is recommended to use the smallest private key size that is feasible for your organization. The "created by device" options use SCEP to provision the EAP-TLS device certificate, so the private key is known only to the device rather than also known by the user. When a "created by device" option is selected, the generated key is used instead of a username/password authentication defined in Network Settings.
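
The following is an added example, not part of the guide: it reads a certificate's public key with the openssl command-line tool and reports the rating that Table 87 gives that key type, which is one way to audit already-issued device certificates. The function names and the constructed self-signed sample certificates are assumptions for illustration; prime256v1 and secp384r1 are OpenSSL's names for the 256-bit and 384-bit prime-field curves listed in the table.

```shell
#!/bin/sh
# Added example (not from the guide): rate a certificate's public key against
# the Key Type options in Table 87, using the openssl CLI.

# key_rating CERT.pem -> prints "<key>: <rating>"; returns 1 for a key the
# table marks "Lower security" or does not list, 2 if the file is unreadable.
# prime256v1 / secp384r1 are OpenSSL's names for the two curves in the table.
key_rating() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 2
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    curve=$(printf '%s\n' "$text" | sed -n 's/.*ASN1 OID: *//p')
    case "$text" in
        *"Public Key Algorithm: rsaEncryption"*)  key="RSA-$bits" ;;
        *"Public Key Algorithm: id-ecPublicKey"*) key="EC-$curve" ;;
        *)                                        key="OTHER" ;;
    esac
    rc=0
    case "$key" in
        RSA-1024) rating="lower security"; rc=1 ;;
        RSA-2048) rating="recommended for general use" ;;
        RSA-4096) rating="higher security" ;;
        EC-prime256v1|EC-secp384r1) rating="listed, no rating given" ;;
        *) rating="not a Table 87 option"; rc=1 ;;
    esac
    printf '%s: %s\n' "$key" "$rating"
    return "$rc"
}

# make_sample KEYSPEC OUT.pem -> constructed self-signed certificate standing
# in for an issued one. KEYSPEC is rsa:<bits> or ec:<openssl curve name>.
make_sample() {
    key_file=$(mktemp) || return 2
    case "$1" in
        rsa:*) set -- "$2" -newkey "$1" ;;
        ec:*)  set -- "$2" -newkey ec -pkeyopt "ec_paramgen_curve:${1#ec:}" ;;
        *)     rm -f "$key_file"; return 2 ;;
    esac
    out=$1; shift; status=0
    openssl req -x509 "$@" -nodes -keyout "$key_file" -out "$out" \
        -subj "/CN=constructed-sample" -days 1 2>/dev/null || status=$?
    rm -f "$key_file"
    return "$status"
}

# Demo on constructed samples: one line of output per key type.
dir=$(mktemp -d)
for spec in rsa:1024 rsa:2048 ec:secp384r1; do
    make_sample "$spec" "$dir/cert.pem" && { key_rating "$dir/cert.pem" || :; }
done
rm -rf "$dir"
```

The certificate alone does not show whether the key was created by the server or by the device, so this check covers only the key size and curve.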