HP Client Bridge M111 manual 802.1X certificates, 802.1X Install TLS client certificate, Password

Page 68

Working with the M111

Managing certificates

802.1X certificates

802.1X certificates are managed on the Security > 802.1X certificates page.

The M111 supports two 802.1X certificates:

TLS client certificate: Installation of this certificate is mandatory if 802.1X with an EAP method of TLS is configured under Wireless security in a station profile. The M111 will supply this certificate to peers during the authentication process.

Trusted CA certificate: Installation of this certificate is mandatory if 802.1X with an EAP method of TLS, TTLS, or PEAP is configured under Wireless security in a station profile, and the Validate server certificate is also enabled. The M111 will use this certificate to validate certificates supplied by peers during the authentication process.

802.1X — Install TLS client certificate

Use this option to install a certificate for TLS authentication. The M111 will supply this certificate to peers during the authentication process.

The certificate must:

be in PKCS #12 format.

contain a private key. (The password is used to access the private key.)

not have a name that is an IP address. The name should be a domain name containing at least one dot.

Certificate file

Specify the name of the certificate file or select Browse to select it.

Password

Specify the certificate password.

Install

Select this button to install the certificate.

3-38

Image 68

Contents ProCurve 5400zl Switches HP ProCurve M111 Client Bridge Page HP ProCurve M111 Client Bridge Publication Number Contents Working with the M111 Field descriptions To assign a management address Resetting to factory defaults Regulatory informationViii Introduction About this guide Products coveredImportant terms ConventionsCommands and program listings Example DescriptionKey features Introducing the M111 Client BridgeServicing Safety informationProfessional Installation Required Before contacting support HP ProCurve Networking supportOnline documentation Getting started Overview Scenario 1 Connecting wired devices to a wireless networkDeploying the M111 Configuration procedure Configure your computerConnect to the M111 Passwords Select Network DNSConfigure a station profile Connect the wired computers to the M111  The printer is configured with a static IP address Configure MAC cloning options Connect the wired device to the M111 Scenario 3 Connecting a serial device to a wireless network Configure the serial connection Getting started Getting started Working with the M111 802.1X certificates Certificate stores Certificate usage Starting the management tool About passwordsManagement tool Customizing management tool settings Manager and Operator accountsPasswords Security policies SecurityAuto-refresh IP address configurationWeb server To configure IP addressing Radio configuration Wireless rangeRestrict channels to To configure the radioWireless mode Antenna selection Fast roaming threshold Fast roaming delta thresholdScan channel delay Fast scan channel delayFast roaming threshold count Minimum SNR thresholdUsing station profiles to establish a wireless link Advanced wireless settingsTransmit power control RTS thresholdWorking with the M111 To add or edit a station profile GeneralWireless security Wireless protectionKey source EAP methodWorking with the M111 Quality of service Viewing APs in the neighborhoodEncryption type Ap1certificate or ap2certificateField descriptions Configuring Quality of Service QoSAccess category 802.1p QoS settings in a station profilePriority mechanisms Differentiated Services DiffServ Very-high, high, normal, low priorityDisabled Creating IP QoS profilesTo define an IP QoS profile Upstream DiffServ taggingConnecting serial devices SettingsProfile name Protocol Start port/ End portSerial port connector To connect a serial deviceTransmit timeout Idle timeoutMode Remote IP addressDrop wireless link when port 1 is connected Data bitsParity bit Stop bitsDNS configuration Connection timeTx kbytes Rx kbytesDNS switch on server failure Dynamically assigned DNS serversOverride dynamically assigned DNS servers ServerDNS switch over Enable the Redirect unsupported traffic to optionHandling unsupported traffic To forward unsupported trafficLimitations Cloning the address of a wired deviceIP forwarding Wireless access to the M111 when MAC cloning is active Enabling Ethernet MAC cloningSetting up management traffic interception Management tool TCP portSnmp agent UDP port Select Management SnmpUsing filters to restrict wireless traffic Enable the Wireless traffic filters optionSnmp notifications UDP port Remote log UDP portAssigning a management address To assign a management addressSnmp V3 users AttributesV1/v2c communities Managing certificates Notification receivers802.1X Install TLS client certificate PasswordInstall 802.1X certificatesCertificate stores 802.1X Manage TLS client certificates802.1X Trusted CA certificates 802.1X Manage CA certificatesCA certificate import formats Installing a new CA certificateTrusted CA certificate store Certificate and private key store END CertificateCertificate usage Default installed private key/public key certificate chainsSpecify the Pkcs #12 password Changing the certificate assigned to a service About certificate warningsBackup configuration Configuration file managementManual configuration file management Scheduled operations Reset configurationRestore configuration Software updates Performing an immediate software update Performing a scheduled updateSelect Install Enable Scheduled installWorking with the M111 Regulatory information Manufacturers FCC Declaration of Conformity Statement Countries of Operation & Conditions of Use Operation Using 5 GHz Channels in the European Community GHz OperationSupported External Antennas 5470Indoor or outdoor use 1000 124, 128, 132, 136 Antenna Band GHzDGT LPD Low Power Device Statement Resetting to factory defaults How it works Using the Reset buttonUsing the management tool Page Technology for better business outcomes