
Brocade Mobility 5181 Access Point Product Reference Guide (Supporting software release 4.4.0.0) User Manual


53-1002516-01

Managing Certificate Authority (CA) certificates


The content of the certificate request is copied to the clipboard.

Create an email to your CA, paste the content of the request into the body of the message and
send it to the CA.

The CA signs the certificate and sends it back. Once it is received, copy the content from the
email to the clipboard.

7. Click the Paste from clipboard button.

The content of the email displays in the window.

NOTE

Click the Load Certificate button to import the certificate and make it available for use as a
VPN authentication option. The certificate ID displays in the Signed list.

NOTE

If the Mobility 5181 Access Point is restarted after a certificate request has been generated
but before the signed certificate is imported, the import will not execute properly. Do not
restart the Mobility 5181 Access Point during this process.

8. To use the certificate for a VPN tunnel, first define a tunnel and select the IKE settings to use
either RSA or DES certificates. For additional information on configuring VPN tunnels, see
“Configuring VPN tunnels” on page 151.

Creating a certificate for onboard RADIUS authentication

The Mobility 5181 Access Point can use its on-board RADIUS server to generate certificates that
authenticate clients for use with the access point. In addition, a Windows 2000 or 2003 Server is
used to sign the certificate before it is downloaded back to the access point’s on-board RADIUS
server and loaded for use with the access point.

Both a CA certificate and a self certificate are required for on-board RADIUS authentication. For
information on CA certificates, see “Importing a CA certificate” on page 56. Ensure the certificate
is in a Base 64 encoded format or risk loading an invalid certificate.
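
A pre-import encoding check, as an added example that is not part of the Brocade guide: it reports whether a certificate file is Base 64 (PEM) encoded, binary DER, or damaged, by checking the armor lines, the Base64 body and the outer ASN.1 length. The function names and sample bytes are constructed for illustration, and the check covers the encoding only, not the certificate's signature or fields.

```python
import base64
import binascii
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

# Constructed stand-in: a 260-byte ASN.1 SEQUENCE of zeros, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

def der_sequence_ok(der: bytes) -> bool:
    """True if der is exactly one ASN.1 SEQUENCE whose length field matches."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        header, body = 2, first
    else:                                 # long-form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + body == len(der)

def classify_certificate(data: bytes) -> str:
    """Return 'base64', 'der' or 'invalid' for the bytes of a certificate file."""
    m = PEM_RE.search(data)
    if m:
        try:
            # Strip line breaks, then reject any character outside the alphabet.
            der = base64.b64decode(b"".join(m.group(1).split()), validate=True)
        except binascii.Error:
            return "invalid"              # armor present, body is not Base64
        # A body cut short in an email or clipboard copy fails the length check.
        return "base64" if der_sequence_ok(der) else "invalid"
    return "der" if der_sequence_ok(data) else "invalid"

if __name__ == "__main__":
    for name, blob in (("pem", SAMPLE_PEM), ("der", SAMPLE_DER)):
        print(name, classify_certificate(blob))
```

A result of `der` means the file has to be converted to Base 64 before it is loaded, and `invalid` usually points to a body that was truncated or altered when it was copied out of the email.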

CAUTION

If using the RADIUS time-based authentication feature to authenticate access point user
permissions, ensure the access point’s time is synchronized with the CA server used to generate
certificate requests.

CAUTION

Self certificates can only be generated using the access point GUI and CLI interfaces. No
functionality exists for creating a self-certificate using the access point’s SNMP configuration
option.

To create a self certificate for on-board RADIUS authentication: