User manual

AN-80i User Manual
70-00072-01-10 Proprietary Redline Communications © 2011 Page 127 of 152 March 2, 2011
The FIPS Status screen provides a summary of all FIPS-related operations, policies,
and parameter settings. The following example screen indicates that the user accounts
do not comply with the FIPS security policy (and HTTPS is enabled).
Fig. 54: Security - FIPS Status Popup - Invalid Account Setup
8.3.2 FIPS: Wireless Authentication
The FIPS mode option includes wireless authentication using X.509 certificates, and
AES encryption.
Out-of-Box Operation
Wireless authentication in FIPS mode is not supported out of box. Each AN-80i system
to be set up with wireless authentication must meet the following requirements:
1. AN-80i software with FIPS support is loaded and operational.
2. FIPS bypass mode must be active (see FIPS Mode Out-of-Box Operation).
3. The user must create X.509 certificate and key files for wireless authentication and
load these in the FIPS (fips) table (requires reboot). The fips table is accessible only
by using SSH when FIPS mode is active.
Load FIPS Wireless Certificate and Key Files
Use the following steps to set up wireless authentication:
1. Use a commercially available tool to create the required X.509 certificates and keys.
The filenames must be formatted as follows:
   usr_wacert_<mac>.der   X.509 authority certificate
   usr_wcert_<mac>.der    X.509 certificate
   usr_wkey_<mac>.der     Private key
2. Copy the certificate and key files to the default directory on a TFTP server.
3. Use the CLI 'load' command to copy the X.509 certificate and key files to the AN-80i.
4. Use the command 'show files fips' to verify the files have been successfully loaded.
5. Reboot the AN-80i to activate changes to the key files.
6. Enable wireless authentication.
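
A pre-staging check for steps 1 and 2, added here as an example (not Redline code): it confirms that the three files for one unit exist under the names listed in step 1 and that each is a single binary DER object rather than PEM text or a truncated file. The <mac> string is used exactly as the operator passes it, because this section does not state its format; the function names are hypothetical.

```python
import os

# Filename prefixes from step 1; <mac> is substituted exactly as supplied.
REQUIRED = {
    "usr_wacert_": "X.509 authority certificate",
    "usr_wcert_": "X.509 certificate",
    "usr_wkey_": "Private key",
}

def der_problem(data):
    """Return None if data is one complete DER SEQUENCE, else a reason string."""
    if data.lstrip().startswith(b"-----BEGIN"):
        return "PEM text, not DER"
    if len(data) < 2 or data[0] != 0x30:
        return "does not start with a DER SEQUENCE tag (0x30)"
    first = data[1]
    if first < 0x80:                      # short form: one length byte
        header, length = 2, first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return "invalid DER length field"
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    if header + length != len(data):      # truncated file or trailing bytes
        return "declared length %d does not match file size %d" % (
            header + length, len(data))
    return None

def check_fips_files(directory, mac):
    """Map each expected filename to 'ok' or a description of the problem."""
    report = {}
    for prefix in REQUIRED:
        name = "%s%s.der" % (prefix, mac)
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            report[name] = "missing"
            continue
        with open(path, "rb") as fh:
            report[name] = der_problem(fh.read()) or "ok"
    return report

if __name__ == "__main__":
    import sys
    # Usage: python check_fips_files.py <tftp_directory> <mac>
    for name, status in check_fips_files(sys.argv[1], sys.argv[2]).items():
        print("%-40s %s" % (name, status))
```

Run it against the TFTP server's default directory before step 3. TFTP provides no encryption or authentication, so stage the private key only on an isolated management network and remove it from the server once 'show files fips' confirms the load.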