3-1-2-2. 802.1x Settings - CA Server Tab
CA Server is used when TLS, TTLS or PEAP is in use. When Use certificate chain is checked, the Client can verify if such server is reliable and then transmit Client Certificate after the verification is confirmed.
Figure 3-8. CA Server Setting
To verify the CA server:
1.Confirm if the Server Certificate is issued by assigned certificate issuer. If “Allow Intermediate Authentication” is checked, the server certificate can be issued by one intermediate certificate issuer.
2.Check the server name of server certificate is the same as the name entered by the user or belongs to the same domain.
Use certificate chain: If “Use certificate chain” is checked, it indicates that Client will confirm whether CA server is reliable. (Default: OFF)
Certificate issuer: CA of a server certificate can be selected from certificate issuers on the drop-down list. (Default: ANY)
Allow intermediate Certificates: When this option is checked, the certificate issuer can be an issuer recognized by a specific certificate issuer. On the other hand, the server certificate must be issued by a certificate issuer selected by the user.
Server name: This value can be a server name or the name of a domain where the server is located.
Server name must match exactly: If this option is selected, the server name of server certificate must be the same as “Server Name” or as the name of domain where the server is located.
Domain name must end in specified name: If this option is selected, the certificate issuer must be the domain or secondary domain entered in “Server Name”.
14