Digital Certificates; Overview; How The Bsc Uses Certificates - ADTRAN BlueSecure Controller Setup And Administration Manual

Software release version: 6.5

Chapter 10: General BSC Operational Settings
admin - Administrator login page at the specified host name and interface. Default
host name: admin. Default interface: Protected.
secure - IPSec, L2TP/IPSec, or PPTP tunnel endpoint at the specified host name and
interface. Default host name: secure. Default interface: Protected.
Local Domain Name for local host: Domain name space for those host names you want to
resolve locally (i.e. Enable DNS resolution for local domain names? is marked). Example:
If you specify wireless.net, the BSC intercepts all DNS requests to xxx.wireless.net, where
xxx is one of the host names listed in the Hostname column (see setting below).
Saving the settings
Click Save to save the DNS option settings to the BSC database.
You may be prompted to restart the BSC. We recommend that you do not restart the BSC
until you have completely finished configuring the BSC for use in your network.

Digital Certificates

This section covers the following topics:

Overview
How the BSC Uses Certificates
Configuring External Server Authentication Over SSL
Requesting and Installing an IPSec Authentication Certificate

Overview
A digital certificate is similar to an electronic document, signed by a trusted source, that
identifies the source presenting it. A simple analogy is a passport: it contains information
about the holder and is signed by a third party (in this case, a government) whom you
trust as the issuer.
There are three types of digital certificates:
Trusted Certificate Authority (CA) - A digital certificate that has been signed by the
CA and resides on the server with which the BSC will communicate. The CA may be
either a commercially available certificate authority, such as VeriSign, or proprietary.
This certificate is also known as the root CA.
Trusted Server - A digital certificate that has not been signed by a CA and resides on
the server with which the BSC will communicate.
Client - A digital certificate issued to a client. The client must present this certificate to
the server before the server can grant the client's requests (such as setting up a
tunnel). This certificate may be either commercially available or proprietary.

How the BSC Uses Certificates
The BSC uses digital certificates in two ways:
LDAP/Active Directory, Cosign, Pubcookie, or CAS authentication over SSL - Some
authentication servers require SSL to ensure the privacy of data as it passes between
the BSC and the authentication server. To set up the SSL session, the BSC must first be
sure that the other partner (such as the LDAP/Active Directory server) is not an
imposter. The BSC must either have a copy of the authentication server certificate (in
a list of certificates for "trusted servers"), or the BSC must trust the root CA (trusted
CA) who signed the certificate used by the LDAP server. In some cases, the
authentication server may also require mutual authentication (whereby the server
presents a certificate to the BSC and the BSC presents a certificate to the server).
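
The two trust decisions described above (a stored copy of the server certificate versus a trusted root CA), sketched from the client side in Python as an added example; this is not ADTRAN code or BSC configuration. The function names, the LDAPS port 636 default and the use of SHA-256 fingerprints as the stored form of a "trusted server" certificate are assumptions made for illustration.

```python
# Added illustration; every function name here is hypothetical, not BSC code.
import hashlib
import hmac
import socket
import ssl


def ca_context(ca_file=None):
    """Trusted-CA model: accept any server whose chain ends at a trusted root."""
    # create_default_context() enables CERT_REQUIRED and hostname checking.
    return ssl.create_default_context(cafile=ca_file)


def pinned_context():
    """Trusted-server model: chain checks are off, so the pin check is mandatory."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def fingerprint(cert_der):
    """SHA-256 fingerprint (hex) of a DER-encoded certificate."""
    return hashlib.sha256(cert_der).hexdigest()


def is_trusted_server(cert_der, trusted_fingerprints):
    """True only if the presented certificate is exactly one that was stored."""
    if not cert_der:                 # the server sent no certificate
        return False
    seen = fingerprint(cert_der)
    return any(hmac.compare_digest(seen, fp.lower()) for fp in trusted_fingerprints)


def open_ldaps(host, port=636, ca_file=None, trusted_fingerprints=None):
    """Connect using the pin list when one is given, otherwise the CA store."""
    ctx = pinned_context() if trusted_fingerprints else ca_context(ca_file)
    tls = ctx.wrap_socket(socket.create_connection((host, port), timeout=10),
                          server_hostname=host)
    if trusted_fingerprints and not is_trusted_server(
            tls.getpeercert(binary_form=True), trusted_fingerprints):
        tls.close()
        raise ssl.SSLError("server certificate is not in the trusted-server list")
    return tls
```

In the pinned case a renewed server certificate no longer matches the stored copy, so the stored entry has to be replaced whenever the authentication server's certificate is reissued.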