Managing Keys And Certificates; Why Use Keys And Certificates; Wireless Security Through Tls - D-Link DWS-1008 - AirPremier MobileLAN Switch Product Manual

8 port 10/100 wireless switch with power over ethernet

Managing Keys and Certificates

A digital certificate is a form of electronic identification for computers. The switch requires digital certificates
to authenticate its communications to Web View, to WebAAA clients, and to Extensible Authentication
Protocol (EAP) clients for which the switch performs all EAP processing.

Certificates can be generated on the switch or obtained from a certificate authority (CA). Keys contained
within the certificates allow the switch, its servers, and its wireless clients to exchange information
secured by encryption.

Note: If the switch does not already have certificates, MSS automatically generates the missing ones
the first time you boot using MSS Version 4.2 or later. You do not need to install certificates unless you
want to replace the ones automatically generated by MSS. (For more information, see "Certificates
Automatically Generated by MSS".)

Note: Before installing a new certificate, verify with the show timedate and show timezone commands
that the switch is set to the correct date, time, and time zone. Otherwise, certificates might not be
installed correctly.
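
An X.509 certificate is valid only between its notBefore and notAfter times, which is one likely reason the clock check in the note above matters (an assumption; the manual does not state the cause). The following is an added example, not taken from the manual and not MSS code: it assumes validity lines in the format printed by `openssl x509 -noout -dates`, with the switch's displayed time and configured UTC offset entered by hand, and shows how a wrong time zone alone makes a new certificate look not yet valid.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Constructed sample, in the format printed by `openssl x509 -noout -dates`.
SAMPLE_DATES = """notBefore=Jan 15 14:00:00 2024 GMT
notAfter=Jan 15 14:00:00 2025 GMT"""


def parse_validity(dates_text):
    """Return (not_before, not_after) as timezone-aware UTC datetimes."""
    fields = {}
    for line in dates_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() in ("notBefore", "notAfter"):
            secs = ssl.cert_time_to_seconds(value.strip())
            fields[key.strip()] = datetime.fromtimestamp(secs, tz=timezone.utc)
    if len(fields) != 2:
        raise ValueError("expected both notBefore and notAfter lines")
    return fields["notBefore"], fields["notAfter"]


def check_install_time(dates_text, shown_time, utc_offset_hours):
    """Judge the certificate as a device would whose clock displays
    shown_time (naive datetime) with the configured UTC offset."""
    not_before, not_after = parse_validity(dates_text)
    zone = timezone(timedelta(hours=utc_offset_hours))
    now_utc = shown_time.replace(tzinfo=zone).astimezone(timezone.utc)
    if now_utc < not_before:
        return "not yet valid", not_before - now_utc
    if now_utc > not_after:
        return "expired", now_utc - not_after
    return "valid", not_after - now_utc


if __name__ == "__main__":
    # Constructed scenario: wall clock reads 09:30, 30 minutes after issue (UTC-5).
    wall_clock = datetime(2024, 1, 15, 9, 30)
    for offset in (-5, 0):  # correct zone vs. zone left at UTC
        state, delta = check_install_time(SAMPLE_DATES, wall_clock, offset)
        print(f"offset {offset:+d}h: {state} ({delta})")
```
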

Why Use Keys and Certificates?

Certain switch operations require the use of public-private key pairs and digital certificates. All Web View
users, and users for which the switch performs IEEE 802.1X EAP authentication or WebAAA, require
public-private key pairs and digital certificates to be installed on the switch.

These keys and certificates are fundamental to securing wireless, wired authentication, and administrative
connections because they support Wi-Fi Protected Access (WPA) encryption and dynamic
Wired-Equivalency Privacy (WEP) encryption.

Wireless Security through TLS

For wireless or wired authentication 802.1X users whose authentication is performed by
the switch, the first stage of any EAP transaction is Transport Layer Security (TLS) authentication and
encryption. Web View also requires a session to the switch that is authenticated and encrypted by TLS.
Once a TLS session is authenticated, it is encrypted.

TLS allows the client to authenticate the switch (and optionally allows the switch to authenticate the client)
through the use of digital signatures. Digital signatures require a public-private key pair. The signature is
created with a private key and verified with a public key. TLS enables secure key exchange.
D-Link DWS-1008 User Manual
