MSM7xx Controllers Configuration Guide v6.4.0
NOTE: When a Web browser connects to the controller using SSL/TLS, the controller sends only
its own X.509 certificate to the browser. This means that if the certificate has been signed by an
intermediate certificate authority, and if the Web browser only knows about the root certificate
authority that signed the public key certificate of the intermediate certificate authority, the Web
browser does not get the whole certificate chain it needs to validate the identity of the controller.
Consequently, the Web browser issues security warnings. To avoid this problem, make sure that
you install the entire certificate chain when you install a new certificate on the controller.
NOTE: An SNMP notification can be sent to let you know when the controller SSL certificate is
about to expire. To enable this notification, select Controller >> Management > SNMP and enable
the Notifications option. Then select Configure Notifications, enable Event notifications, and then
select the event Maintenance certificate about to expire under System. See “Configuring SNMP
notifications for events and alarms” (page 215).
Certificate usage
To see the services that are associated with each certificate, select Controller >> Security > Certificate
usage. With the factory default certificates installed, the page will look like this:
Service
Name of the service that is using the certificate. To view detailed information on the certificate
select the service name.
Authenticate to peer using
Name of the certificate and private key. The controller is able to prove that it has the private
key corresponding to the public key in the certificate. This is what establishes the controller as
a legitimate user of the certificate.
Number of associated CAs
Number of CA certificates used by the service.
Changing the certificate assigned to a service.
Select the service name to open the Certificate details page. For example, if you select Web
Management Tool, you will see:
380 Security