Testing A Local Certificate Authority Eas - Aruba Networks PowerConnect W Clearpass 100 Software Deployment Manual

Testing a Local Certificate Authority EAS

For Local Certificate Authority external authentication servers, additional testing options are included to
simulate EAP-TLS authentication with a client certificate.
1. To specify the network layer to test against, mark the radio button in the Mode row for either the local
RADIUS server or a remote RADIUS server.
2. To indicate the value for the User-Name field for outer authentication in the RADIUS access request,
mark one of the radio buttons in the Identity row. You can use either the client's local certificate's
common name or another value.
3. (Optional) You may enter a value in the MAC Address field for the Calling-Station-Id attribute.
4. In the TLS Identity drop-down list, choose the format of the TLS client certificate. The rest of the
options available in the Inner Authentication area of the form depend on the TLS Identity selected. To
provide details for the selected TLS identity, do one of the following:
If you selected PKCS#12 container with certificate and key (.p12, .pfx) for the TLS identity:
1. In the PKCS#12 row, browse to the file in your system that contains both the client certificate and the
client's private key. When this file is uploaded, if a CA certificate is also included, it is used to verify the
server's identity.
2. (Optional) In the Passphrase row, you may enter the passphrase for the client's private key.
3. (Optional) To provide a file containing a CA certificate for verifying the server's identity, you can use the
Certificate Authority row to browse to the file.
ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 175