Administrator Guide

108 | Preparing for Active Directory Authentication Dell Networking W-ClearPass Deployment Guide
Obtaining and Installing a Signed Certificate From Active Directory
This section describes how to obtain and install a signed server certificate from Active Directory for 802.1X
authentication. This section contains the following information:
• About Certificates in W-ClearPass Deployments
• How to Obtain a Signed Certificate from Active Directory
• Creating a Certificate Signing Request
• Importing the Root CA Files to the Certificate Trust List
• Obtaining a Signed Certificate from Active Directory
• Importing a Server Certificate into W-ClearPass
About Certificates in W-ClearPass Deployments
A certificate is a file that makes it possible for network devices to communicate with each other securely. For
example, in W-ClearPass deployments, certificates are provided for all devices involved in authentication, such
as client laptops, smart phones, Mobility controllers, Mobility Access Switches, W-ClearPass Policy Manager
servers, and so on.
How do certificates help you to communicate securely? They do this in two ways:
• Certificates help devices verify the identity of other devices.
• Certificates enable devices to use encryption to securely communicate with each other.
When a certificate is created, two keys are generated:
• Private key
  The private key is always stored securely and never sent out. If the private key is compromised, the entire
  security framework established by the certificate is compromised.
• Public key
  The public key contains important information about the certificate owner. The public key is inside the file
  that is sent to all devices that wish to communicate with the certificate owner. This file contains additional
  information about the identity of the certificate owner’s device.
Public and private key pairs are generated so that any data encrypted by one of these keys can only be
decrypted by the other corresponding key.
Any data encrypted by the private key can only be decrypted by the corresponding public key. Conversely, any
data encrypted by the public key can only be decrypted by the corresponding private key.
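The key-pair relationship described above can be checked with the OpenSSL command line. This is an added example, not part of the original guide and not how W-ClearPass itself generates its request; the throwaway root CA (standing in for the Active Directory CA), the host name cppm.example.test, and all file paths are constructed for illustration.

```shell
#!/bin/sh
# Added illustration: every name, subject and path below is constructed.
set -eu
WORK=$(mktemp -d)

# SHA-256 digest of the PUBLIC key carried by a private key, CSR or certificate.
pubkey_digest() {                      # usage: pubkey_digest key|csr|cert FILE
  case "$1" in
    key)  openssl pkey -in "$2" -pubout ;;
    csr)  openssl req  -in "$2" -noout -pubkey ;;
    cert) openssl x509 -in "$2" -noout -pubkey ;;
  esac | openssl sha256 | awk '{print $NF}'
}

# True when the certificate carries the public half of the given private key.
cert_matches_key() { [ "$(pubkey_digest cert "$1")" = "$(pubkey_digest key "$2")" ]; }

# Stand-in root CA (plays the role of the Active Directory CA in this demo).
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Demo Root CA" \
  -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null

# Server key pair and CSR: the private key stays in server.key, only the CSR leaves.
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=cppm.example.test" \
  -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null

# The CA signs the CSR, binding the public key to the server's identity.
openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
  -CAcreateserial -days 1 -out "$WORK/server.crt" 2>/dev/null

# An unrelated private key, used to show what a mismatch looks like.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$WORK/other.key" 2>/dev/null

if grep -q "PRIVATE KEY" "$WORK/server.csr"; then
  echo "CSR contains private key material"
else
  echo "CSR contains no private key material"
fi
openssl verify -CAfile "$WORK/ca.crt" "$WORK/server.crt"
cert_matches_key "$WORK/server.crt" "$WORK/server.key" && echo "certificate matches server.key"
cert_matches_key "$WORK/server.crt" "$WORK/other.key"  || echo "certificate does NOT match other.key"
```

Running the same digest comparison on a certificate returned by the CA, before importing it, catches the case where it was issued for a different request than the private key on hand.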
When Certificate Usage Is Necessary
There are three common situations in which certificates are necessary in W-ClearPass deployments:
• When using HTTPS to manage network devices such as mobility controllers, mobility access switches, or
  W-ClearPass servers.
• During captive portal authentication.
• When doing 802.1X authentication.
How 802.1X Authentication Uses Server Certificates
When an employee attempts to log into his laptop, the EAP-PEAP authentication process begins:
1. The W-ClearPass Policy Manager server sends the server certificate to the employee's device.
2. The employee sends his encrypted username and password to the server.