MSM7xx Controllers Configuration Guide v6.4.0

ManualsBrandsHP ManualsNetwork HardwareHP 425 Wireless Dual Radio 802.11n (WW) Access Point

371

372

373

374

375

376

377

378

379

380

CA certificate import formats

The import mechanism supports importing the ASN.1 DER encoded X.509 certificate directly or

as part of two other formats:

• PKCS #7 (widely used by Microsoft products)

• PEM, defined by OpenSSL (popular in the Unix world)

• The CRL can be imported as an ASN.1 DER encoded X.509 certificate revocation list directly

or as part of a PEM file.

DescriptionItems carried in the fileContent and file format

This is the most basic format

supported, the certificate without any

envelope.

One X.509 certificateASN.1 DER encoded X.509

certificate

Popular format with Microsoft

products.

One X.509 certificateX.509 certificate in PKCS #7 file

Popular format in the Unix world.

X.509 DER certificate is base64

encoded and placed between

One or more X.509 certificatesX.509 certificate in PEM file

"-----BEGIN CERTIFICATE-----"

and

"-----END CERTIFICATE-----"

lines. Multiple certificates can be

repeated in the same file.

Most basic format supported for CRL.One X.509 CRLASN.1 DER encoded X.509 CRL

Same format as X.509 certificate in

PEM format, except that the lines

contain BEGIN CRL and END CRL.

One X.509 CRLX.509 CRL in PEM file

Default CA certificates

The following certificates are installed by default:

• SOAP API Certificate Authority: Before allowing a SOAP client to connect, the controller checks

the certificate supplied by a SOAP client to ensure that it is issued by a trusted certificate

authority (CA).

• Dummy Authority: Used by the internal RADIUS server. You should replace this with your own

CA certificate.

• Entrust.net Secure Server Certification Authority: This is the Authorize.Net CA certificate.

It is used to support credit card payments via Authorize.Net.

• Management Console Dummy Authority: Used when the management tool communicates with

HP PCM/PMM software.

NOTE: For security reasons, you should replace the default certificates with your own.

Certificate and private key store

This list displays all certificates installed on the controller. The controller uses these certificates and

private keys to authenticate itself to peers.

Items provided in this list are as follows:

378 Security