Certificates, Certificate management – Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
53-1003099-01
8. Refer to the Available APs column, and use the > button to move the selected Access Point into
the list of Selected APs available for RF Domain Manager candidacy. Use the >> button to
move all listed Access Points into the Selected APs table.
The re-election process can be achieved through the selection of an individual Access
Point, or through the selection of several Access Points with a specific Tunnel Controller
Name matching the selected Access Points.
9. Select Re-elect to designate the Selected AP(s) as resources capable of tunnel establishment.
Certificates
A certificate links identity information with a public key enclosed in the certificate.
A certificate authority (CA) is a network authority that issues and manages security credentials and
public keys for message encryption. The CA signs all digital certificates it issues with its own private
key. The corresponding public key is contained within a certificate called the CA certificate. A
browser must contain this CA certificate in its Trusted Root Library so it can trust certificates signed
by the CA's private key.
Depending on the public key infrastructure, the digital certificate includes the owner's public key,
the certificate expiration date, the owner's name and other public key owner information.
Each certificate is digitally signed by a trustpoint. The trustpoint signing the certificate can be a
certificate authority, corporation or individual. A trustpoint represents a CA/identity pair containing
the identity of the CA, CA-specific configuration parameters and an association with an enrolled
identity certificate.
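The trust relationship described above, as an added example (not taken from the Brocade guide or the controller's own tooling): a shell script using the OpenSSL command line in which one CA signs a device certificate and verification succeeds only against that CA's certificate. The names Example-Root-CA, Unrelated-CA and rfs-controller.example are constructed placeholders, and the script assumes the `openssl` binary with its default configuration file is installed.

```shell
#!/bin/sh
# Added example: all names and files here are constructed for illustration.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: create a CA private key and a self-signed CA certificate.
# The CA certificate is what a client places in its trusted root store.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue_cert CA NAME: the device creates a key pair and a signing request,
# then the CA signs the request with its own private key.
issue_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -days 30 -CAcreateserial \
    -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -out "$WORK/$2.crt" 2>/dev/null
}

# ca_key_matches NAME: true if the public key inside the CA certificate
# is the counterpart of the CA's private signing key.
ca_key_matches() {
  [ "$(openssl x509 -in "$WORK/$1.crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$WORK/$1.key" -pubout)" ]
}

# trusts ROOT CERT: true only if CERT was signed by ROOT's private key.
trusts() {
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1
}

make_ca Example-Root-CA
make_ca Unrelated-CA
issue_cert Example-Root-CA rfs-controller.example

# Owner name, issuer and expiration date carried in the issued certificate.
openssl x509 -in "$WORK/rfs-controller.example.crt" -noout -subject -issuer -enddate
ca_key_matches Example-Root-CA && echo "CA certificate holds the CA public key"
trusts Example-Root-CA rfs-controller.example && echo "trusted by issuing CA"
trusts Unrelated-CA rfs-controller.example || echo "rejected by unrelated CA"
```

A client that holds only the Unrelated-CA certificate rejects the device certificate, which is why the issuing CA's certificate has to be present in the trusted root store.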
SSH keys are a pair of cryptographic keys used to authenticate users instead of, or in addition to, a
username/password. One key is private and the other is public. Secure Shell (SSH) public key
authentication can be used by a client to access managed resources, if properly configured. An RSA
key pair must be generated on the client. The public portion of the key pair resides with the
controller or service platform, while the private portion remains on a secure local area of the client.
For more information on the certification activities supported by the controller or service platform,
refer to the following:
• Generating a Certificate Signing Request
Certificate Management
If you do not want to use an existing certificate or key with a selected device, an existing stored
certificate from a different managed device can be used with the target device. Device
certificates can be exported from the controller or service platform to a secure remote location
for archive, and imported again when they are required for application to other managed
devices.
To configure trustpoints for use with certificates: