MSM7xx Controllers Configuration Guide v6.4.0
Certificate of the certificate authority (CA) that issued the NOC certificate.
ssl-certificate = URL_of_the_certificate
Custom certificate installed on the controller.
Install a certificate on controller
NOTE: This step is optional, but recommended.
Install an SSL certificate on the controller to replace its default SSL certificate. This certificate is used
to secure communications between the controller and the login application on the Web server.
If you do not change the default certificate on the controller, the login application may not be able
to validate the controller certificate when establishing the SSL connection. The reason for this is
because the default certificate is self-signed and is not trusted by any well-known CA.
This can be done by adding an additional attribute to the Configured attributes table on the Public
access > Attributes page. (You can also define this attribute in the RADIUS profile for the controller
if you are using a RADIUS server.)
ssl-certificate = URL_of_the_certificate
Authenticating users
After a user has supplied login information on the remote login page, the login application must
submit an authentication request containing the users login name, password, and IP address to
the controller by establishing an SSL session to the following URL:
https://controller_ip:8090/goform/HtmlNocLoginRequest?
username=username&password=password&ipaddr=user_ip
Where:
DescriptionParameter
Defines the IP address of the controller or you could use a domain name
if you have defined one using the hosts file on the Web server. (By default,
controller_ip
the secure Web server on the controller operates on port 8090. This can
be changed on the Management > Management Tool page if required.)
The controller requires that the contents of the Host HTTP header match
the actual domain name/IP address and port the controller is operating
on:
Host:
controller_domain_name:secure_web_server_port_number
or
Host:
controller_IP_address:secure_web_server_port_number
This is usually the case unless the controller is behind a device that provides
network address translation (NAT). In this situation, the login application
must manually forge the Host HTTP header. The easiest way to do this is
to define login-url with the %i and %p placeholders. This returns the
domain name of the controller and the port number of its secure Web
server. The login application can then construct the appropriate Host HTTP
header.
Username supplied by the user.username
Password supplied by the user.password
IP address of the users computer.user_ip
Authenticating users 553