MSM7xx Controllers Configuration Guide v6.4.0

IPSec Trusted CA certificates
The controller uses the CA certificates to validate the certificates supplied by peers during the
authentication process. Multiple CA certificates can be installed to support validation of peers
with certificates issued by different CAs.
Certificate file: Specify the name of the certificate file or select Browse to choose from a
list. CA certificates must be in X.509 or PKCS #7 format.
Install: Select to install the specified certificate.
IPSec Manage CA certificates
Use this box to manage the installed CA certificates.
Certificate: Select from a list of installed certificates.
Remove: Delete the item shown under Certificate.
View: Open the item shown under Certificate for viewing.
IPSec Local certificate store
This is the certificate that the controller uses to identify itself to IPSec peers.
NOTE: If the local certificate includes a CA certificate, both certificates are installed.
Certificate Request Wizard: Helps you to generate a certificate request that can be used
to obtain a signed certificate from a certificate authority. Once you obtain the certificate,
you can use the Certificate Request Wizard to install it on the controller.
Certificate file: Specify the name of the certificate file or select Browse to choose from a
list.
Password: Specify the certificate password.
Install: Select to install the certificate.
IPSec Manage local certificate
Use this box to manage the local certificate.
Certificate: Shows the common name of the installed certificate.
Remove: Delete the item shown under Certificate.
View: Open the item shown under Certificate for viewing.
IPSec X.509 certificate revocation list
Use this box to update the certificate revocation list (CRL) that is issued by the certificate authority.
The controller uses the CRL to determine if the certificates provided by clients during the
authentication process have been revoked. The controller will not establish a security association
with a client that submits a revoked certificate.
The controller can obtain a CRL in two ways:
You can install it manually.
The controller can install a CRL automatically, using the CRL location information contained in a
client certificate. Automatic installation occurs only if no CRL is installed, or if the installed CRL
has expired.
CRL file: Specify the name of the CRL file or select Browse to choose from a list.
Install: Select to install the specified CRL.
LDAP server: A client certificate may contain a list of locations (CRL distribution points) from
which the CRL can be retrieved automatically. Each location may be specified as an HTTP URL, FTP
URL, LDAP URL, or LDAP directory name. If an LDAP URL or directory name is incomplete (for
example, it names no host), the controller completes it with the LDAP server you specify here.
Incomplete HTTP or FTP URLs cannot be completed and fail.
Port: Port on the LDAP server. Default is 389.
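The CRL handling described above (automatic retrieval only when no CRL is installed or the installed one has expired, completion of incomplete LDAP locations with the configured LDAP server and port, failure of incomplete HTTP/FTP URLs, and refusal of a peer that presents a revoked certificate), modelled as an added Python example; this is not code from the guide or from the controller firmware, and the function names, the InstalledCrl model and the sample serials, host names and CRL locations are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from urllib.parse import urlsplit, urlunsplit

@dataclass
class InstalledCrl:
    """Minimal model of the CRL installed on the controller (constructed; not a real CRL parser)."""
    revoked_serials: set
    next_update: datetime  # the CRL's nextUpdate; once 'now' passes it the CRL is expired

def crl_needs_refresh(installed: "InstalledCrl | None", now: datetime) -> bool:
    """Automatic CRL retrieval happens only if no CRL is installed or the installed one has expired."""
    return installed is None or now >= installed.next_update

def resolve_crl_location(location: str, ldap_server: str, ldap_port: int = 389) -> "str | None":
    """Map one CRL location from a client certificate to a URL the controller can fetch.
    Complete HTTP/FTP/LDAP URLs are used as given; an LDAP URL without a host, or a bare LDAP
    directory name (a DN like 'CN=...,DC=...'), is completed with the configured LDAP server
    and port; an HTTP or FTP URL without a host cannot be completed and fails (returns None)."""
    parts = urlsplit(location)
    scheme = parts.scheme.lower()
    if scheme in ("http", "ftp"):
        return location if parts.netloc else None
    if scheme == "ldap":
        if parts.netloc:
            return location
        path = parts.path if parts.path.startswith("/") else "/" + parts.path
        return urlunsplit(("ldap", f"{ldap_server}:{ldap_port}", path, parts.query, ""))
    if scheme == "" and "=" in location:  # bare directory name, e.g. CN=Corp CA,DC=example
        return f"ldap://{ldap_server}:{ldap_port}/{location}"
    return None

def peer_certificate_accepted(peer_serial: int, installed: InstalledCrl) -> bool:
    """No security association with a peer whose certificate serial is on the installed CRL."""
    return peer_serial not in installed.revoked_serials

# Constructed sample: a CRL that expired in 2020 and the CRL locations carried by a peer certificate.
SAMPLE_CRL = InstalledCrl({0x1001, 0x1002}, datetime(2020, 1, 1, tzinfo=timezone.utc))
SAMPLE_LOCATIONS = [
    "http://crl.example.com/corp-ca.crl",
    "ldap:///CN=Corp%20CA,DC=example,DC=com?certificateRevocationList",
    "ftp:/corp-ca.crl",  # incomplete FTP URL: no host to contact, so it is skipped
]

def demo(ldap_server: str = "ldap.example.com", ldap_port: int = 389) -> dict:
    """Walk the controller's decisions for the sample: refresh needed, usable sources, peer accepted."""
    sources = [u for u in (resolve_crl_location(loc, ldap_server, ldap_port) for loc in SAMPLE_LOCATIONS) if u]
    return {"refresh": crl_needs_refresh(SAMPLE_CRL, datetime(2024, 1, 15, tzinfo=timezone.utc)),
            "sources": sources,
            "peer_0x1001_accepted": peer_certificate_accepted(0x1001, SAMPLE_CRL),
            "peer_0x2000_accepted": peer_certificate_accepted(0x2000, SAMPLE_CRL)}
```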
382 Security