Certificate Management With Win-2003 Server; Configuration In Mu (Client); Signing Certificate Request From Ws5000; Installing Ca & Server Certificate In Ws5K - Symbol WS5000 Series System Reference Manual

WS5000 Series Switch System Reference Guide

12.4.5 Certificate Management with Win-2003 server

Windows 2003 Server includes Certificate Authority (CA) functionality, which can be used for signing certificate requests. This section details the configuration for PEAP/TTLS authentication with the WS5000 RADIUS server.
1. Install the Certificate Authority component that comes with Win-2003 server.
2. Create a CA in standalone mode at the end of the installation.

12.4.5.1 Configuration in MU (client)

1. Copy the CA certificate from the 2003 server to the client (MU) in base64-encoded format.
2. Install the certificate in the client.
3. Select the Validate server certificate option in the MU connection profile configuration.

12.4.5.2 Signing certificate request from WS5000

1. Generate the CSR from the WS5000 using the self-certificate management window of the applet (System Setting > Radius > Certificate Management > Self Certificate).
2. Provide the information required for the CSR and click the Generate button. Then copy the generated CSR to a Win2003 server PC.
3. Execute the following command from the command prompt on the Win2003 server PC:
   certreq <CSR-file> <Cert-file>
   [Cert-file: destination certificate filename]

12.4.5.3 Installing CA & Server Certificate in WS5k

1. Make sure the time on the switch is in sync with the 2003 server.
2. Load the CA certificate into the WS5k by clicking the Import CA Certificate button on the self-certificate window of the applet (System Setting > Radius > Certificate Management > Self Certificate).
3. Load the server certificate into the WS5000. Select the request ID and then click the Import Server certificate button on the self-certificate window of the applet (System Setting > Radius > Certificate Management > Self Certificate). Once imported, the CA and server certificates can be installed in the RADIUS configuration window (System Setting > Radius > Configuration > Install Certificates tab). Select the corresponding request ID and the CA certificate ID and click the Apply Certificate button.
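
A pre-import check for the steps above, as an added PowerShell example that is not part of the manual: it confirms that the certificate returned by certreq chains to the CA certificate distributed to the MUs, and that both are within their validity period at the time shown on the switch clock. The function name, parameter names and file names are hypothetical, and the standalone CA is assumed to be a self-signed root.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example, not from the manual. Names below are hypothetical.
function Test-IssuedCertificate {
    param(
        [Parameter(Mandatory)] [string]   $CaCertPath,      # CA certificate copied from the 2003 server
        [Parameter(Mandatory)] [string]   $ServerCertPath,  # <Cert-file> written by certreq
        [Parameter(Mandatory)] [datetime] $SwitchTime       # switch clock, in this PC's local time
    )
    $ca     = [X509Certificate2]::new((Resolve-Path $CaCertPath).Path)
    $server = [X509Certificate2]::new((Resolve-Path $ServerCertPath).Path)

    $chain = [X509Chain]::new()
    # Offline check: revocation is not evaluated here.
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
    # The standalone CA is usually absent from this PC's root store, so tolerate
    # an unknown root and pin the result to the supplied CA by thumbprint below.
    $chain.ChainPolicy.VerificationFlags = [X509VerificationFlags]::AllowUnknownCertificateAuthority
    # Evaluate validity as the switch would see it, not as this PC sees it.
    $chain.ChainPolicy.VerificationTime = $SwitchTime
    [void]$chain.ChainPolicy.ExtraStore.Add($ca)

    $built = $chain.Build($server)
    # The last chain element is the top of whatever chain could be built.
    $root  = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    [pscustomobject]@{
        Subject       = $server.Subject
        NotBefore     = $server.NotBefore
        NotAfter      = $server.NotAfter
        # True only if the chain ends at the supplied CA and the file is not the CA itself.
        ChainsToCa    = ($root.Thumbprint -eq $ca.Thumbprint) -and
                        ($server.Thumbprint -ne $ca.Thumbprint)
        # Both certificates must be inside their validity window at switch time.
        ValidAtSwitch = ($SwitchTime -ge $server.NotBefore) -and ($SwitchTime -le $server.NotAfter) -and
                        ($SwitchTime -ge $ca.NotBefore)     -and ($SwitchTime -le $ca.NotAfter)
        ChainBuilt    = $built
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Example call with constructed file names and a constructed timestamp;
# pass the time actually displayed on the switch.
# Test-IssuedCertificate -CaCertPath .\ca.cer -ServerCertPath .\ws5000.cer -SwitchTime '2024-01-01 12:00'
```

ValidAtSwitch is False when the switch clock is earlier than the NotBefore of a freshly issued certificate, which is the condition the time-sync step guards against.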

12.5 Firewall

The WS5000, with the introduction of VPN services, acts as a device at the boundary between a public and a private network. As such, it must act not only as an encryption/decryption point but also as a gateway and a firewall between the two networks. Hence firewall and port filter functionality is required, which can filter traffic based on a configured list of hosts. It also provides selective enabling/disabling of web, telnet and ftp on the management interface.
The WS5000 acts as a gateway and a firewall between a public and a private network in the following pattern:
• Public: Un-Trusted LAN
• Private: Trusted LAN