Storing Credentials On The Ap; Tls Credential Management - Extreme Networks Summit WM Technical Reference Manual

Storing credentials on the AP

Credentials are stored on the AP in persistent storage. The private key is encrypted (i.e. scrambled)
using a 256-bit key called AP storage key (APSK). Resetting the AP to factory defaults destroys the
private keys and the certificates.
The Summit WM Controller stores the AP's private key and certificate for as long as is required to
transfer it to the AP. Once the AP acknowledges the successful receipt of a valid key and certificate, the
Summit WM Controller destroys its copies.

TLS credential management

When configuring an AP with EAP-TLS, the Summit WM Controller can operate in two modes:
Pass-through
●
Proxy
●
Pass-through
In pass-through mode, the Summit WM Controller simply installs certificates and private keys on the
APs. The Summit WM Controller does not issue certificate signing requests on behalf of the APs and
does not serve any PKI functions. All PKI functionality, including maintaining backups of certificates is
the responsibility of the administrator, who uses a PKI tool set external to the controller for this
purpose. In this case, TLS certificate and private keys must be delivered to the Summit WM Controller
in Personal Information Exchange - PKCS#12 (.PFX) format.
Figure 23: Pass-through mode
Access Point
2
Using GUI page,
Administrator uploads
PFX file to WM. WM
extracts certificate and
private key from the file
and installs them on
the AP.
Summit WM Technical Reference Guide, Software Version 5.1
Summit WM Controller
Transfer certificate
and private key as
PKCS#12 (.pfx) file
to WM.
Certification authority
1
Generate certificate
and private key on
CA. Export them as
file in PKCS#12
format (.pfx).
105