WESM zl Management and Configuration Guide WT.01.03 and greater

Configuring the ProCurve Wireless Edge Services zl Module
Digital Certificates
The Wireless Edge Services zl Module supports digital certificates, which are
used to identify a host uniquely.
The Wireless Edge Services zl Module uses certificates for several purposes:
- HTTPS access—The module’s server certificate authenticates the module
  to your Web browser.
- RADIUS authentication services—802.1X authentication with Extensible
  Authentication Protocol (EAP) requires mutual authentication. In
  other words, the module’s RADIUS authentication server must send a
  server certificate and authenticate to supplicants.
- Autokey authentication for secure NTP—The module sends its certificate
  to the secure NTP server to authenticate itself and generate keys
  to secure NTP exchanges.
Overview
Digital certificates rely on asymmetric encryption with public/private key
pairs. Data encrypted by a private key must be decrypted by the corresponding
public key. A host “signs” data by encrypting it with its private key—something
only it can do because only it knows the private key. Other hosts verify the
signature by decrypting the signature with the public key.
A digital certificate ties a public key to a particular host’s identity. Typically, a
trusted third party, called the certificate authority (CA), issues certificates. A
less secure option is a self-signed certificate, which is issued by the host itself.
In either case, the issuer of a certificate is referred to as a trustpoint.
A certificate itself consists of:
- the host’s identification information
- the host’s public key
- the function used to hash the certificate
- the CA’s digital signature
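The certificate components listed above, modeled in simplified form as an added example (not code from the guide or the module): a trustpoint signs a hash of the host's identity and public key, and a verifier checks that signature with the trustpoint's public key. The dictionary layout, the host and CA names, and the toy keys built from publicly known Mersenne primes are assumptions for illustration; real certificates use X.509 encoding and padded signature schemes.

```python
import hashlib
import json

E = 65537  # public exponent shared by both constructed keys

def make_key(a, b):
    """Toy RSA key from Mersenne primes 2**a-1 and 2**b-1 (public values, demo only)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(cert):
    """Hash the signed fields with the function the certificate names."""
    body = {k: cert[k] for k in ("subject", "issuer", "public_key", "hash")}
    data = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.new(cert["hash"], data).digest(), "big")

def issue(subject, subject_key, issuer, issuer_key, hash_name="sha256"):
    """Trustpoint binds subject identity to subject public key by signing both."""
    cert = {"subject": subject, "issuer": issuer,
            "public_key": subject_key["n"], "hash": hash_name}
    # Textbook RSA without padding; real certificates use padded schemes and X.509.
    cert["signature"] = pow(digest(cert), issuer_key["d"], issuer_key["n"])
    return cert

def verify(cert, trustpoint_n):
    """Undo the signature with the trustpoint's public key and compare digests."""
    return pow(cert["signature"], E, trustpoint_n) == digest(cert)

# Constructed sample keys and names (hypothetical, not from the guide).
ca_key = make_key(521, 607)
host_key = make_key(1279, 2203)
host_cert = issue("wesm.example.test", host_key, "Example CA", ca_key)
self_signed = issue("wesm.example.test", host_key, "wesm.example.test", host_key)

def demo():
    forged = dict(host_cert, subject="rogue.example.test")  # identity swapped
    return {
        "ca_issued": verify(host_cert, ca_key["n"]),
        "tampered": verify(forged, ca_key["n"]),
        "self_signed_against_ca": verify(self_signed, ca_key["n"]),
        # Passes only against the key the certificate itself carries.
        "self_signed_against_own_key": verify(self_signed, self_signed["public_key"]),
    }

if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The self-signed certificate verifies only against the public key it carries, so a verifier gains assurance from it only if it already trusts that key through some other channel.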