Setting Up An Intermediate Certificate Authority - Dell Powerconnect W-ClearPass Hardware Appliances Deployment Manual

The Key Type drop-down list specifies the type of private key that should be created for the certificate. You can
l
select one of these options:
1024-bit RSA – not recommended for a root certificate
n
2048-bit RSA – recommended for general use
n
4096-bit RSA – higher security
n
In the Self-Signed Certificate section:
Use the CA Expiration field to specify the lifetime of the root certificate in days. The default value of 3653 days
l
is a 10-year lifetime.
The Clock Skew Allowance field adds a small amount of time to the start and end of the root certificate's
l
validity period. This permits a newly issued certificate to be recognized as valid in a network where not all
devices are perfectly synchronized.
The Digest Algorithm drop-down list allows you to specify which hash algorithm should be used.
l
NOTE: MD5 is not recommended for use with root certificates.
Mark the Generate CA certificate and invalidate all other certificates check box to confirm the changes.
Click the Create Root Certificate button to save the settings and generate a new root certificate.

Setting Up an Intermediate Certificate Authority

After you choose Intermediate CA on the Certificate Authority Settings form and click Continue, the Intermediate
Certificate Settings form opens. The Intermediate Certificate Settings form is used to configure the distinguished
name and properties for the certificate authority's certificate, which will be issued by an external certificate
authority.
NOTE: If you intend to change any of the intermediate certificate's distinguished name properties, and you have previously created
any client or server certificates or performed device provisioning using the existing intermediate certificate, these certificates will
be invalidated because the intermediate certificate's distinguished name has changed. In this case, you should use the Reset to
Factory Defaults form (see
provision all devices. You will also need to reissue any server or subordinate CA certificates.
To avoid the complication of revoking and reissuing certificates, it is recommended that you configure the
certificate authority before any device provisioning or other configuration is done.
84 | Setting Up an Intermediate Certificate Authority
"Resetting Onboard Certificates and Configuration " on page 130) to delete all client certificates and re-
Dell Networking W-ClearPass Guest 6.0 | Deployment Guide