Dns Name And Web Browser Clients - Alcatel-Lucent OmniSwitch 6850-48 Network Configuration Manual

Setting Up Authentication Clients
3
Click on the "Install Certificate" button at the bottom of the "Certificate Information" window. This
step launches the Certificate Import Wizard.
4
Click the "Next" button to continue with the Certificate Import Wizard process. The "Certificate
Store" window displays.
5
Select "Place all certificates in the following store" and click on the "Browse" button. This will
display a list of certificate stores.
6
Select "Trusted Root Certification Authorities" from the list of stores and continue with the wizard
installation process. A "Security Warning" window will display containing a warning about installing
the certificate.
Click the "Yes" button in the "Security Warning" window to finish installing the certificate. After the
certificate is installed, the browser no longer displays the certificate error message.
Mac OSX.1 Clients
On Mac OSX.1, if you are using the wv-cert.pem file or another self-signed certificate, the certificate file
must be FTP'd to the workstation and installed with the keytool command as follows:
1
FTP the wv-cert.pem file (or the relevant certificate file) from the /flash/switch directory on the switch
to the workstation.
2
On the Mac workstation, open a Terminal application at the root (see the previous section for informa-
tion about enabling root access). Enter the following command:
keytool -import -keystore <path to JDK installation>/lib/security/cacerts -alias ALCATEL_AVLAN
- file <path to certificate file>
For example:
keytool -import -keystore /System/Library/Frameworks/JavaVM.framework/Versions/
1.3.1/Home/lib/security/cacerts -alias ALCATEL_AVLAN - file/Users/endalat/
Destop/wv-cert.pem
Note. The keytool command requires a password. By default, the password is changeit.

DNS Name and Web Browser Clients

For Mac OSX.1 clients, the DNS name in the certificate must match the DNS name configured on the
switch through the aaa avlan dns command. If the DNS names do not match, the Java applet in the client
cannot be loaded and the client cannot authenticate. (For other clients, if the DNS names do not match, a
warning will display when the client attempts to authenticate; however, the client is still allowed to authen-
ticate.)
The wv-cert.pem certificate contains a default DNS name (webview). To configure the DNS name on the
switch, enter the aaa avlan dns command with the DNS name matching the one in the certificate. For
example:
-> aaa dns avlan webview
On the browser workstation, the authentication user must enter the DNS name in the browser command
line to display the authentication page.
For more information about configuring a DNS name, see
page 36-12 OmniSwitch AOS Release 6 Network Configuration Guide
Configuring Authenticated VLANs
"Setting Up a DNS Path" on page 36-29.
September 2009