Certificate management – Brocade Mobility Access Point System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

Brocade Mobility Access Point System Reference Guide

227

53-1003100-01

5

Refer to the Device Overrides field to assess whether overrides have been applied to the device’s
configuration. Use the Clear Overrides button to clear all device overrides and reset the
configuration to its default values.

Refer to the Set Clock field to update the system time.

Refer to the Device Time parameter to assess the device’s current time. If the device’s time has not
been set, the device time is displayed as unavailable. Select Refresh to update the device’s system
time.

Use the New Time parameter to set the calendar day, hour and minute. Use the AM and PM radio
buttons to refine whether the updated time is for the AM or PM. This time can be synchronized with
the use of an external NTP resource.

When completed, select Update Clock to commit the updated time to the device.

Select OK to save the changes to the basic configuration. Selecting Reset reverts the screen to its
last saved configuration.

Certificate Management

Overriding a Device Configuration

A certificate links identity information with a public key enclosed in the certificate.

A certificate authority (CA) is a network authority that issues and manages security credentials and
public keys for message encryption. The CA signs all digital certificates it issues with its own private
key. The corresponding public key is contained within the certificate and is called a CA certificate. A
browser must contain this CA certificate in its Trusted Root Library so it can trust certificates signed
by the CA's private key.

Depending on the public key infrastructure, the digital certificate includes the owner's public key,
the certificate expiration date, the owner's name and other public key owner information.

Each certificate is digitally signed by a trustpoint. The trustpoint signing the certificate can be a
certificate authority, corporation or individual. A trustpoint represents a CA/identity pair containing
the identity of the CA, CA-specific configuration parameters, and an association with an enrolled
identity certificate.

SSH keys are a pair of cryptographic keys used to authenticate users instead of, or in addition to, a
username/password. One key is private and the other is public key. Secure Shell (SSH) public key
authentication can be used by a client to access resources, if properly configured. A RSA key pair
must be generated on the client. The public portion of the key pair resides with the licensed device,
while the private portion remains on the client.

The certificate configuration used by an access point managed device can be changed (overridden)
as changes in security credentials require modification in the management of the device.

To override a managed device’s certificate configuration:

Select the Configuration tab from the Web UI.

Select Devices.

Select Device Overrides.

Select a target device’s MAC address from the device browser in the lower, left-hand side of the UI.

Select Certificates from the Device menu.