Setting Up The Certificates; Install Certificates On The Web Server; Define Attributes; Install A Certificate On Cn3000 - Colubris Networks CN3000 Administrator's Manual

Chapter 8 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - NOC authentication - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 8

Setting up the certificates

This section presents an overview of the certificates you need to install to secure
communication between the remote login page and the CN3000. For detailed
discussion of the issues, see
Install
Install an SSL certificate and its matching CA certificate into a folder on the web server
hosting the remote login page. The login application and the CN3000 will access the
certificates on
certificates from this location.
the web server
The SSL certificate will be used by the login application to secure communications with
the CN3000.

Define attributes

Add the following two attributes to the RADIUS profile for the CN3000 so that it can
retrieve the SSL and CA certificates from the web server:
Install a Note: This step is optional, but recommended.
certificate on Install an SSL certificate on the CN3000 to replace its default SSL certificate. This
certificate will be used to secure communications between the CN3000 and the login
CN3000
application on the web server.
If you do not change the default certificate on the CN3000, the login application may not
be able to validate the CN3000s certificate when establishing the SSL connection. The
reason for this is because the default certificate is self-signed and is not trusted by any
well-known CA.
This can be done by specifying an additional attribute in the RADIUS profile of the
CN3000.
ssl-certificate=URL
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 179 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ssl-noc-certificate= URL_of_the_Certificate
Certificate issued to the application on the web server that will send customer info to
the CN3000 for authentication.
ssl-noc-ca-certificate=URL_of_the_ certificate
Certificate of the certificate authority (CA) that issued the NOC certificate.
ssl-certificate=URL
Custom certificate installed on the CN3000.
"Addressing security concerns" on page 178.