About certificates – Allied Telesis AT-WA7501 User Manual

AT-WA7500 and AT-WA7501 Installation and User’s Guide

209

About Certificates

Certificates encrypt communication between the internal RADIUS server,
RADIUS clients, and the supplicants and HTTPS clients.

There are two types of certificates:

ˆ

The trusted certificate authority (CA) certificate (commonly referred to
as the “root certificate” or “root cert”) is the public key. Trusted CA
certificates can be in *.PEM format or *.CER format. They can contain
several trusted CAs but should be kept to a maximum file size of 2Kb.

ˆ

The server certificate (sometimes referred to as the client certificate) is
the private key. Server certificates can be in either PKCS12 (*.P12/
*.PFX) or *.PEM format.

Understanding

Which Access

Points Need

Certificates

The next table summarizes when an access point needs to have a CA
certificate and/or a server certificate installed on it.

Table 2. Access Points and Certificates

Access Point

CA

Certificate

Needed

Server

Certificate

Needed

If you want to use the secure web browser
(HTTPS) on this access point

No

Yes

If this access point is an authentication
server in your 802.1x-enabled network

Yes

Yes

If this access point is a supplicant EAP-
TTLS client

Yes

No

If this access point is a supplicant EAP-
TLS client

Yes

Yes

If this access point is a backup RADIUS
server

No

Yes

If the child access point is using SWAP
and is an authenticator access point

No

No