User's Guide

Wireless Array
Configuring the Wireless Array 213
The Array’s certificate is signed by a Xirrus CA that is customized for your Array
and its current host name. By default, browsers will not trust the Array’s
certificate. You may import the Xirrus certificate to instruct the browser to trust
the Xirrus CA on all future connections to Arrays. The certificate for the Xirrus
CA is available on the Array, so that you can import it into your browser’s cache
of trusted CAs (right alongside VeriSign, for example). On the Management
Control window of the WMI you will see the xirrus-ca.crt file (Figure 122).

By clicking and opening this file, you can follow your browser’s instructions and
import the Xirrus CA into your CA cache (see “HTTPS (X.509) Certificate” on
page 226 for more information). This instructs your browser to trust any of the
certificates signed by the Xirrus CA, so that when you connect to any of our
Arrays you should no longer see the warning about an untrusted site. Note,
however, that this only works if you use the host name when connecting to the
Array. If you use the IP address to connect, you get a lesser warning saying that
the certificate was only meant for ‘hostname’.

Since an Array’s certificate is based on the Array’s host name, any time you
change the host name the Array’s CA will regenerate and sign a new certificate.
This happens automatically the next time you reboot after changing the host
name. If you have already installed the Xirrus CA on a browser, this new Array
certificate should automatically be trusted.

When you install the Xirrus CA in your browser, it will trust a certificate signed
by any Xirrus Array, as long as you connect using the Array’s host name.
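
The host name versus IP address behaviour described above can be reproduced offline with OpenSSL. This is an added example, not taken from the Xirrus guide: the CA, the certificate, the host name array1.example.test and the address 192.0.2.10 are constructed placeholders, and the certificate is assumed to carry only the host name.

```shell
#!/bin/sh
# Added example. The CA, key, host name and address are all constructed here;
# nothing below is Xirrus material.
HOST=array1.example.test   # placeholder Array host name
IP=192.0.2.10              # placeholder Array management address

# Build a throwaway CA and a host certificate whose only name is $HOST.
make_pki() {  # $1 = empty working directory
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Constructed Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  printf 'subjectAltName=DNS:%s\n' "$HOST" > "$1/san.ext"
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 -config "$1/ca.cnf" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
    -subj "/CN=$HOST" -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -extfile "$1/san.ext" -out "$1/leaf.crt" 2>/dev/null
}

# Succeeds only if the chain verifies against the CA AND the name matches.
check_name() {  # $1 = dir, $2 = -verify_hostname | -verify_ip, $3 = value
  openssl verify -CAfile "$1/ca.crt" "$2" "$3" "$1/leaf.crt" >/dev/null 2>&1
}

# Run both checks against the same trusted CA and report each outcome.
demo() {
  d=$(mktemp -d) || return 1
  make_pki "$d" || { rm -rf "$d"; return 1; }
  for t in "-verify_hostname $HOST" "-verify_ip $IP"; do
    set -- $t
    if check_name "$d" "$1" "$2"; then echo "$2: trusted"
    else echo "$2: name mismatch"; fi
  done
  rm -rf "$d"
}
demo
```
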

Using an External Certificate Authority

If you prefer, you may install a certificate on your Array signed by an outside CA.
Why use a certificate from an external CA? The Array’s certificate is used for
security when stations attempt to associate to an SSID that has Web Page Redirect
enabled. In this case, it is preferable for the Array to present a certificate from an
external CA that is likely to be trusted by most browsers. When a WPR login page
is presented, the user will not see a security error if the Array’s certificate was
obtained from an external CA that is already trusted by the user’s browser.