WESM zl Management and Configuration Guide WT.01.28 and greater
Configuring the ProCurve Wireless Edge Services zl Module
■ Clock Offset—the calculated offset, in seconds, between the module and the
source. The module adjusts its clock to match the server’s time value. The offset
gravitates toward zero over time, but is never completely reduced to zero.
■ Root delay—the total round-trip delay, in seconds. This variable can take on both
positive and negative values, depending on the relative time and frequency
offsets. The values that normally are displayed in this field range from negative
values of a few milliseconds to positive values of several hundred milliseconds.
■ Root Dispersion—the nominal error relative to the primary time source, in
seconds. The values that normally are displayed in this field range from 0
through several hundred milliseconds.
Digital Certificates
The Wireless Edge Services zl Module supports digital certificates, which are used
to identify a host uniquely.
The Wireless Edge Services zl Module uses certificates for several purposes:
■ HTTPS access—The module’s server certificate authenticates the module to
your Web browser.
■ RADIUS authentication services—802.1X authentication with Extensible
Authentication Protocol (EAP) requires mutual authentication. In other words,
the module’s RADIUS authentication server must send a server certificate and
authenticate to supplicants.
■ Autokey authentication for secure NTP—The module sends its certificate to
the secure NTP server to authenticate itself and generate keys to secure NTP
exchanges.
Overview
Digital certificates rely on asymmetric encryption with public/private key pairs. Data
encrypted with a private key can be decrypted only with the corresponding public key. A
host “signs” data by encrypting it with its private key—something only it can do
because only it knows the private key. Other hosts verify the signature by decrypting
it with the public key.
A digital certificate ties a public key to a particular host’s identity. Typically, a trusted
third party, called the certificate authority (CA), issues certificates. A less secure
option is a self-signed certificate, which is issued by the host itself. In either case,
the issuer of a certificate is referred to as a trustpoint.
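The following added example (not part of the original guide and not the module's code) models the signing and trustpoint check described above, to show why a self-signed certificate gives weaker assurance than a CA-issued one. It assumes textbook RSA without padding, a simplified certificate of three fields, and constructed names such as "Example CA" and "wesm.example.test".

```python
import hashlib

# Textbook RSA on Mersenne primes, no padding: for illustration only, not for real use.
def make_keypair(p, q, e=65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))          # private exponent
    return {"n": n, "e": e}, {"n": n, "d": d}  # (public key, private key)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):
    # Signing: transform the digest with the private key.
    return pow(digest(data, private["n"]), private["d"], private["n"])

def verify(public, data, signature):
    # Verifying: reverse the transform with the public key and compare digests.
    return pow(signature, public["e"], public["n"]) == digest(data, public["n"])

def signed_fields(cert):
    # The identity-to-key binding that the issuer signs.
    pub = cert["public"]
    return f"{cert['subject']}|{pub['n']}|{pub['e']}|{cert['issuer']}".encode()

def issue(subject, subject_public, issuer, issuer_private):
    cert = {"subject": subject, "public": subject_public, "issuer": issuer}
    cert["signature"] = sign(issuer_private, signed_fields(cert))
    return cert

def is_self_signed(cert):
    return (cert["issuer"] == cert["subject"]
            and verify(cert["public"], signed_fields(cert), cert["signature"]))

def trusted(cert, trustpoints):
    # Accept only certificates signed by an issuer already configured as a trustpoint.
    issuer_public = trustpoints.get(cert["issuer"])
    return issuer_public is not None and verify(
        issuer_public, signed_fields(cert), cert["signature"])

# Constructed sample keys and names (hypothetical).
ca_pub, ca_priv = make_keypair(2**521 - 1, 2**607 - 1)
host_pub, _ = make_keypair(2**89 - 1, 2**107 - 1)
other_pub, other_priv = make_keypair(2**61 - 1, 2**127 - 1)
TRUSTPOINTS = {"Example CA": ca_pub}

ca_issued = issue("wesm.example.test", host_pub, "Example CA", ca_priv)
self_signed = issue("wesm.example.test", other_pub, "wesm.example.test", other_priv)
```

The self-signed certificate verifies against its own public key, which proves only that whoever holds that key created it; it is accepted only if a verifier explicitly adds that same certificate as a trustpoint.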