Secure Socket Layer (SSL) - Proxim Orinoco AP-2500 User Manual

Public access ap

Public Space Parameters

Secure Socket Layer (SSL)

The AP-2500 supports Secure Socket Layer (SSL) to provide end-to-end encrypted links between the AP and subscribers using HTTPS pages. HTTPS stands for Hypertext Transfer Protocol over Secure Socket Layer; it is a protocol built into Web browsers that encrypts and decrypts user page requests as well as the pages that are returned by a Web server.

When enabled, SSL protects the information exchanged between your subscribers and the AP (this is particularly important if you authenticate subscribers based on User Name and Password via RADIUS).

Enabling SSL is a two-part process. First, you need to create two SSL keys and locate a third key, which is provided on the AP's CD. Once you have the keys, you can download them to the AP and configure the SSL parameters.

Creating SSL Keys

You need to download three keys to the AP-2500 before enabling SSL. You must create two of these keys yourself: a Private Key file (cakey.pem) and a Public Key file (server.pem). Proxim provides the third key (cacert.pem), on the AP's CD in the SSL_KEY folder (it is also included with software updates posted on Proxim's Web site).

To create cakey.pem and server.pem, you must contact a Certification Authority (CA). Many companies offer certification services. Each CA has its own set of qualification requirements that a company must meet before the CA will grant an SSL certificate. Proxim recommends that you use a well-known CA, such as Verisign (http://www.verisign.com/). Refer to Verisign's Web site for more information on SSL and obtaining an SSL certificate.

NOTE: As of the release of this document, Verisign provides free trial SSL certificates for testing purposes. See Verisign's Web site for details.

The following steps provide an overview of how to create cakey.pem and server.pem:

1. Download and install Cygwin from the Internet. It is available as a free download at several Web sites including http://www.cygwin.com/.
   - Cygwin is a UNIX environment for Windows. It operates on computers running Windows 95 and later (except Windows CE).
   - Download and execute the Cygwin Setup.exe file. Follow the on-screen instructions to install the software.
   - When prompted to select packages to install, select cygwin and openssl only. You do not need to install any other packages (in other words, you can skip them).
   - You will use the openssl program to generate keys.
2. Locate or generate five large random files and rename them a.dat, b.dat, c.dat, d.dat, and e.dat.
   - These files are used to seed the random number generator.
   - These files can be any file type (such as Word, Excel, etc.) but you should change the file names to "*.dat" as described above (a.dat through e.dat). Verisign recommends using large compressed log files.
   - The files can have any name but must follow standard DOS naming conventions (that is, a file name with a maximum of eight characters, a period, and a three-character extension).
3. Copy or move these five dat files to the directory where openssl.exe is installed (typically c:\cygwin\bin\).
4. Open an MS-DOS command prompt.
5. Use the cd command to open the directory that contains openssl.exe and the five random files.
   - If the files are installed at c:\cygwin\bin\, the command prompt should read: C:\CYGWIN\BIN>
6. Type the following command and press Enter to generate a private key with the name cakey.pem:

   openssl genrsa -rand file1:file2:file3:file4:file5 1024 > cakey.pem

   - genrsa is the OpenSSL command to generate a private key.
   - -rand is followed by the names of the five random files (include file name extensions and separate files by colons); this argument specifies the names of the files containing random data for the random number generator.
   - 1024 is the size of the private key to generate in bits.
   - > cakey.pem specifies the name of the output file.
   - Due to buffer size limitations, the line length should not exceed 80 characters.
   - Do not encrypt the key with any encryption options (such as -des, -des3, or -idea).
   - See http://www.openssl.org/ for more information on this command.
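
Steps 2 through 6 as an added example that is not part of the Proxim manual: it runs the genrsa command in a scratch directory, then checks that cakey.pem is an unencrypted, internally consistent 1024-bit RSA key as step 6 requires. It assumes a POSIX shell such as the one Cygwin installs; the function names, the /dev/urandom seed files and the scratch directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Proxim manual): steps 2-6 in a scratch
# directory, followed by a check of the resulting cakey.pem.

# Create five stand-in seed files a.dat..e.dat (constructed sample data;
# the manual suggests large compressed log files instead).
make_seed_files() {
    for f in a b c d e; do
        dd if=/dev/urandom of="$1/$f.dat" bs=1024 count=64 2>/dev/null || return 1
    done
}

# Step 6: 1024-bit RSA private key, seeded from the five files, no cipher option.
generate_key() {
    ( cd "$1" && openssl genrsa -rand a.dat:b.dat:c.dat:d.dat:e.dat 1024 \
        > cakey.pem 2>/dev/null )
}

# Print the key size in bits as reported by openssl.
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Succeed only if the file is an unencrypted, consistent 1024-bit RSA key.
check_key() {
    [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 1; }
    # Both PEM styles mark a passphrase-protected key with the word ENCRYPTED.
    if grep -q 'ENCRYPTED' "$1"; then
        echo "key is encrypted; regenerate without -des/-des3/-idea" >&2
        return 1
    fi
    openssl rsa -in "$1" -check -noout >/dev/null 2>&1 ||
        { echo "openssl reports an inconsistent key" >&2; return 1; }
    [ "$(key_bits "$1")" = "1024" ] ||
        { echo "unexpected key size" >&2; return 1; }
}

# Run the whole procedure when invoked as: sh thisfile.sh demo
if [ "${1:-}" = "demo" ]; then
    dir=$(mktemp -d) && make_seed_files "$dir" && generate_key "$dir" &&
        check_key "$dir/cakey.pem" && echo "cakey.pem OK: $(key_bits "$dir/cakey.pem") bits"
fi
```

Running check_key against the real cakey.pem before downloading it to the AP catches a key that was generated with a cipher option or with the wrong size.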