[Ipsec] Manage Certificate Revocation List; [Ssl] Web Server Certificate - Colubris Networks CN3000 Administrator's Manual

Chapter 11 - Configuration parameters
LDAP server
A client certificate may contain a list of locations where the CRL can automatically be
retrieved. Each location may be specified as an HTTP URL, FTP URL, LDAP URL, or
LDAP directory. If the LDAP URL or directory is incomplete, the CN3000 will use the
location you specify to resolve the request. Incomplete HTTP or FTP URLs will fail.
Port
Port on the LDAP server. Default is 389.
[IPSec] Manage certificate revocation list
Use this box to manage the revocation list.
CRLs
This box displays the list of installed certificate revocation lists.
Remove
Select a certificate in the list and click this button to delete it.
View
Select a certificate in the list and click this button to view it.
[SSL] Web Server Certificate
Use this option to replace the SSL certificate that ships with the CN3000 with one of
your own. This certificate is used when validating user logins to the management tool
via SSL and when accepting authentication information from a remote server when
NOC authentication is active.
The certificate must:
• be in PKCS #12 format.
• contain a private key. (The password is used to access the private key.)
• not have a name that is an IP address. The name should be a domain name
containing at least one dot. If you try to add a certificate with an invalid name, the
default certificate is restored.
The name in the certificate is automatically assigned as the domain name of the
CN3000.
The default certificate has the name wireless.colubris.com.
Certificate chains
When a web browser connects to the CN3000 using SSL, the CN3000 only sends its
own SSL certificate to the browser. This means that if the certificate has been signed by
an intermediate Certificate Authority, and if the web browser only knows about the Root
Certificate Authority that signed the Public Key Certificate of the Intermediate Certificate
Authority, the web browser will not get the whole certificate chain it needs to validate the
identity of the CN3000.
Consequently, the web browser will issue security warnings.
To avoid this problem, only install an SSL certificate on the CN3000 if it is directly signed
by the root Certificate Authority or if you have appended all certificates that make up the
chain.
Certificate file
Specify the name of the certificate file or click Browse to select it.
Password
Specify the certificate password.
Install
Click this button to install the certificate.
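The certificate name rule and the certificate chain problem described in this section can be checked before a file is installed. The following is an added example, not part of the Colubris manual or the CN3000 software: certificates are modelled as subject/issuer name pairs, the CA and host names are constructed, and signatures are not verified.

```python
import ipaddress
from typing import NamedTuple, Optional

class Cert(NamedTuple):
    """Subject and issuer names only (hypothetical model; no signature check)."""
    subject: str
    issuer: str

def name_is_acceptable(name: str) -> bool:
    """Manual's rule: not an IP address; a domain name with at least one dot."""
    try:
        ipaddress.ip_address(name)
        return False                      # literal IPv4 or IPv6 address
    except ValueError:
        pass
    labels = name.split(".")
    return len(labels) >= 2 and all(labels)   # at least one dot, no empty labels

def missing_issuer(leaf: Cert, appended: list[Cert],
                   browser_roots: set[str]) -> Optional[str]:
    """Follow issuer links from the leaf using only what the device sends
    (the leaf plus any appended certificates). Return the first issuer the
    browser cannot locate, or None if a root the browser trusts is reached."""
    by_subject = {c.subject: c for c in appended}
    current, seen = leaf, set()
    while current.issuer not in browser_roots:
        nxt = by_subject.get(current.issuer)
        if nxt is None or nxt.subject in seen:   # gap, or untrusted self-signed loop
            return current.issuer
        seen.add(nxt.subject)
        current = nxt
    return None

# Constructed sample data: a leaf signed by an intermediate CA.
ROOTS = {"Example Root CA"}
LEAF = Cert("gateway.example.com", "Example Intermediate CA")
INTERMEDIATE = Cert("Example Intermediate CA", "Example Root CA")

if __name__ == "__main__":
    for name in ("wireless.colubris.com", "192.168.1.1", "cn3000"):
        print(name, "->", "ok" if name_is_acceptable(name) else "rejected")
    # Leaf alone: the browser cannot find the intermediate and warns.
    print("leaf only:", missing_issuer(LEAF, [], ROOTS))
    # Leaf with the intermediate appended: the chain reaches a trusted root.
    print("with chain:", missing_issuer(LEAF, [INTERMEDIATE], ROOTS))
```

A non-None result from `missing_issuer` names the certificate that still has to be appended to the file before installation.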
