Manualshelf

WESM zl Management and Configuration Guide WT.01.28 and greater

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
671672673674675676677678679680
11-8
RADIUS Server
RADIUS Authentication
Specifying the RADIUS Servers Digital Certificate
As an authentication server, the Wireless Edge Services zl Module requires various
certificates:
a server certificate
No matter which EAP type you select, the internal RADIUS server must
authenticate itself using a digital certificate.
By default, the module identifies itself to users with the server certificate in the
default-trustpoint. This certificate is installed on the module when it ships and
is self-signed with the name Hewlett-Packard.
Alternatively, the module can authenticate itself with one of these certificates:
a self-signed certificate that you create on the module
a digital certificate signed by a trusted certificate authority (CA) and
installed on the module
a CA certificate
The Wireless Edge Services zl Module uses the public key in the CA certificate
to verify certificates signed by that CA.
For example, for EAP-TLS, the RADIUS server checks users’ digital certifi-
cates. So the server needs the CA certificate for the CA that signed the users’
digital certificates.
On the Wireless Edge Services zl Module, you create trustpoints and load certificates
into those trustpoints. Install the correct certificates before completing the following
tasks for the RADIUS server:
selecting which of the module’s own digital certificates it should use to authen-
ticate to users (mandatory)
selecting which of the module’s CA certificates it should use to authenticate
users (for EAP-TLS)
See “Digital Certificates” on page 2-163 of Chapter 2: “Configuring the ProCurve
Wireless Edge Services zl Module” for instructions on creating trustpoints.
Then follow these steps:
1. Select Network Setup > Radius Server and click the Authentication tab.
2. In the Cert Trustpoint drop-down menu, select the trustpoint in which you have
loaded the server certificate for RADIUS authentication.
Selecting <Create a New Certificate> opens the Certificates Wizard and guides
you through the creation or installation of certificates.