Manualshelf

Connectivity Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances
141142143144145146147148149150
2. The Name and Description fields are used internally to identify this set of Onboard settings for the network
administrator. These values are never displayed to the user during device provisioning.
3. Use the Organization field to provide the name of your organization; this is displayed to the user during the
device provisioning process.
4. The Certificate Authority drop-down list can be used to select a different certificate authority. By default, there is
only a single certificate authority.
5. In the Signer drop-down list, select the source to use for signing TLS client certificates. Options include Onboard
Certificate Authority and Active Directory Certificate Services (ADCS). If Active Directory Certificate Services
is chosen, the ADCS URL and ADCS Template rows are added to the form. ACDS can only be used with
certificate-based authentication; it cannot be used with username/password authentication.
6. In the ADCS URL field, enter the URL of the ADCS server. This URL should be the Web interface for ADCS, and
is typically http://<server>/certsrv/.
7. In the ADCS Template field, enter the name of the template to use when requesting the certificate. If the name is
not known, you can use the default name of "user".
8. The Key Type drop-down list specifies the type of private key that should be created when issuing a new
certificate. You can select one of these options:
l 1024-bit RSA created by device: Lower security. Uses SCEP to provision the EAP-TLS certificate.
l 2048-bit RSA created by device: Recommended for general use. Uses SCEP to provision the EAP-TLS
certificate.
l 1024-bit RSA created by server: Lower security.
l 2048-bit RSA created by server: Recommended for general use.
l 4096-bit RSA created by server: Higher security.
Using a private key containing more bits will increase security, but will also increase the processing time required to
create the certificate and authenticate the device. The additional processing required will also affect the battery life of a
mobile device. It is recommended to use the smallest private key size that is feasible for your organization. The “created
by device” options use SCEP to provision the EAP-TLS device certificate, so the private key is known only to the device
Dell Networking W-ClearPass Guest 6.2 | User Guide Onboard + WorkSpace | 145