Tls Certificate Expiration - Extreme Networks Summit WM Technical Reference Manual

Version 5.1

AP as 802.1X supplicant
Proxy
In proxy mode, the Summit WM Controller generates a CSR in PKCS#10 format for APs at the request
of the administrator and generates a private key for the AP. The Summit WM Controller installs the
certificate and private key to the AP once the CA has generated a signed certificate in DER encoding
(.CER). In this mode, the administrator is responsible for uploading the AP's certificate to the AP using
the Summit WM GUI. The Summit WM Controller installs the pair of certificate + private key to the AP.
Figure 24 below illustrates the process of installing TLS certificates using proxy mode.

Figure 24: Proxy mode
Administrator requests certificate request (CR):
• WM generates public and private key pair.
• WM generates CR in PKCS#10 format from the public key, common name and the private key
• WM saves the private key
Using GUI page, Administrator uploads the certificate to the WM. WM matches the certificate with saved private key and installs them on the AP.

TLS certificate expiration

Certificates have an expiration date assigned by the CA. Once a certificate expires, the AP cannot
authenticate to the Access Server and the AP is inaccessible as long as the authenticator (AU) port is
configured to perform 802.1X authentication. The AP performs checks on the installed certificate, detects
that a certificate is 30 days from expiring, and generates an AP log alarm which is forwarded to the
Summit WM Controller.
Alarms are continually generated as long as the certificate is not upgraded. The interval between logs is
halved each time. For example, 15 days after the 30-day alarm the AP generates a 15-day warning. After
that, the next warning is generated when 7 days are left, and so on. At most, one log per day is
generated and any pending log is cancelled if the certificate is replaced.
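
The warning schedule described above, worked through as an added example (not code from the manual or from Extreme Networks). It assumes integer halving of the days remaining, which reproduces the 30, 15 and 7 day warnings the text names and continues to 3 and 1; the AP names and expiry dates are constructed sample data.

```python
from datetime import datetime, timedelta, timezone

FIRST_WARNING_DAYS = 30  # from the manual: first alarm 30 days before expiry

def warning_thresholds(first=FIRST_WARNING_DAYS):
    """Days-left values that trigger a log: 30, 15, 7, then (assumed) 3, 1."""
    out, days = [], first
    while days >= 1:
        out.append(days)
        days //= 2  # assumption: integer halving, which reproduces 30 -> 15 -> 7
    return out

def pending_warnings(not_after, now):
    """(timestamp, days_left) pairs still to come; none once the cert expired."""
    if now >= not_after:
        return []
    schedule = [(not_after - timedelta(days=d), d) for d in warning_thresholds()]
    return [(ts, d) for ts, d in schedule if ts > now]

def status(not_after, now):
    """'expired', 'warning' (inside the 30-day window) or 'ok'."""
    if now >= not_after:
        return "expired"  # AP can no longer complete 802.1X authentication
    if not_after - now <= timedelta(days=FIRST_WARNING_DAYS):
        return "warning"
    return "ok"

def triage(fleet, now):
    """Rows of (ap, status, pending_count), soonest expiry first."""
    return [(ap, status(na, now), len(pending_warnings(na, now)))
            for ap, na in sorted(fleet.items(), key=lambda kv: kv[1])]

# Constructed sample data: AP names and notAfter dates are made up.
UTC = timezone.utc
FLEET = {
    "ap-lobby": datetime(2025, 7, 1, tzinfo=UTC),
    "ap-lab": datetime(2025, 12, 1, tzinfo=UTC),
    "ap-dock": datetime(2025, 6, 10, tzinfo=UTC),
}

if __name__ == "__main__":
    now = datetime(2025, 6, 20, tzinfo=UTC)
    for ap, state, left in triage(FLEET, now):
        print(f"{ap:10} {state:8} warnings still pending: {left}")
    # A replaced certificate cancels pending logs: recompute from the new notAfter.
    renewed = datetime(2026, 7, 1, tzinfo=UTC)
    print("ap-lobby after renewal:", status(renewed, now), pending_warnings(renewed, now)[0])
```

Each threshold falls on a different day, so the limit of one log per day is met without extra handling.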
Figure 24 (continued), remaining labels:
Entities: Summit WM Controller, Access Point, Certification authority
• Transfer CR as PKCS#10 file to third-party CA
• Step 2: On the third-party CA server, Administrator creates certificate from CR. Export the certificate in X509 format DER encoding (.cer).
• Transfer certificate in DER encoding (.cer) from CA to WM
