Managing Certificates - Symbol WS5000 Series System Reference Manual

1. Use the Data Source
• If you select Local, the internal User Database serves as the data source. Refer to the
screen to enter the user data. For more information, see
Configuring Radius Users on page
• If you select LDAP, the switch uses the data in an LDAP server. Configure the LDAP server settings
on the LDAP screen under Radius Server on the menu tree. For more information, see
LDAP Authentication on page
2. Use the Default EAP Type
EAP type for the Radius server. The options are PEAP and TTLS.
• Protected EAP (PEAP) uses a TLS layer on top of EAP as a carrier for other EAP modules. PEAP is
an ideal choice for networks using legacy EAP authentication methods.
• Tunneled TLS EAP (EAP-TTLS) is similar to EAP-TLS, but the client authentication portion of the
protocol is not performed until after a secure transport tunnel has been established. This allows
EAP-TTLS to protect legacy authentication methods used by some Radius servers.
3. Specify an EAP Authentication Type
field. The options include
• EAP Generic Token Card (GTC) is a challenge handshake authentication protocol that uses a
hardware token card to provide the response string.
• Microsoft CHAP (MSCHAP-V2) is an encrypted authentication method based on Microsoft's
challenge/response authentication protocol.
4. Click one of the following buttons in the screen:
Apply
Undo
Cancel
Help

5.2 Managing Certificates

To generate a certificate request from the WS5000 Series Switch:
1. Select System Settings > Radius > Certificate Management > Self
2. Click the Add button.
3. Enter the certificate signing request (CSR) information and click the Generate button.
4. Copy the generated CSR to a file (with a .req extension) in a Windows 2003 server PC that contains the
CA.
5. Run the certreq command from the command prompt on the Windows 2003 server PC.
The command prompts you for the CSR file.
Enter the name of the CSR file generated from the switch.
The command prompts for the destination to place the server certificate.
drop-down menu to select the data source for the local Radius server.
5-11.
5-7.
drop-down menu in the TTLS/PEAP Configuration
from the drop-down menu in the
GTC and MSCHAP-V2.
Saves your changes
Closes the screen without saving your changes. This reverts
the screen back to the last saved configuration.
Exits the applet and terminate this session
Displays the online help
Configuring User Authentication
Users
Configuring
field to specify the
TTLS/PEAP Configuration
Certificate.
5-3