HP Client Bridge M111 manual Certificate usage, Specify the Pkcs #12 password

Page 72

Working with the M111

Managing certificates

1.Specify the name of the certificate file or select Browse to choose one from a list. Certificates must be in PKCS #7 format.

2.Specify the PKCS #12 password.

3.Select Install to install the certificate.

Default installed private key/public key certificate chains

Note

The following private key/public key certificate chains are installed by default:

wireless.colubris.com: Default certificate used by the management tool.

When a web browser connects to the M111 using SSL, the M111 sends only its own SSL certificate to the browser. This means that if the certificate has been signed by an intermediate certificate authority, and if the web browser only knows about the root certificate authority that signed the public key certificate of the intermediate certificate authority, the web browser does not get the whole certificate chain it needs to validate the identity of the M111. Consequently, the web browser issues security warnings.

To avoid this problem, install an SSL certificate on the M111 only if it is directly signed by the root certificate authority or if you have appended all certificates that make up the chain.

Consequently, the web browser issues security warnings.

To avoid this problem, make sure that you install the entire certificate chain when you install a new certificate on the M111.

Note

An SNMP notification is generated when the M111’s SSL certificate is about to expire.

Certificate usage

To see the services that are associated with each certificate, select Security > Certificate usage. With the factory default certificates installed, the page will look like this:

Service: Name of the service that is using the certificate. To view detailed information on the certificate select the service name.

Authenticate to peer using: Name of the certificate and private key. The M111 is able to prove that it has the private key corresponding to the public key in the certificate. This is what establishes the M111 as a legitimate user of the certificate.

Number of associated CAs: Number of CA certificates used by the service.

3-42

Image 72
Contents ProCurve 5400zl Switches HP ProCurve M111 Client Bridge Page HP ProCurve M111 Client Bridge Publication Number Contents Working with the M111 Field descriptions To assign a management address Resetting to factory defaults Regulatory informationViii Introduction About this guide Products coveredImportant terms ConventionsCommands and program listings Example DescriptionKey features Introducing the M111 Client BridgeSafety information Professional Installation RequiredServicing HP ProCurve Networking support Online documentationBefore contacting support Getting started Scenario 1 Connecting wired devices to a wireless network Deploying the M111Overview Configuration procedure Configure your computerConnect to the M111 Passwords Select Network DNSConfigure a station profile Connect the wired computers to the M111  The printer is configured with a static IP address Configure MAC cloning options Connect the wired device to the M111 Scenario 3 Connecting a serial device to a wireless network Configure the serial connection Getting started Getting started Working with the M111 802.1X certificates Certificate stores Certificate usage About passwords Management toolStarting the management tool Customizing management tool settings Manager and Operator accountsPasswords Security policies SecurityIP address configuration Web serverAuto-refresh To configure IP addressing Radio configuration Wireless rangeTo configure the radio Wireless modeRestrict channels to Antenna selection Fast roaming threshold Fast roaming delta thresholdScan channel delay Fast scan channel delayFast roaming threshold count Minimum SNR thresholdUsing station profiles to establish a wireless link Advanced wireless settingsTransmit power control RTS thresholdWorking with the M111 To add or edit a station profile GeneralWireless security Wireless protectionKey source EAP methodWorking with the M111 Quality of service Viewing APs in the neighborhoodEncryption type Ap1certificate or ap2certificateConfiguring Quality of Service QoS Access categoryField descriptions QoS settings in a station profile Priority mechanisms802.1p Differentiated Services DiffServ Very-high, high, normal, low priorityDisabled Creating IP QoS profilesTo define an IP QoS profile Upstream DiffServ taggingConnecting serial devices SettingsProfile name Protocol Start port/ End portSerial port connector To connect a serial deviceTransmit timeout Idle timeoutMode Remote IP addressDrop wireless link when port 1 is connected Data bitsParity bit Stop bitsDNS configuration Connection timeTx kbytes Rx kbytesDNS switch on server failure Dynamically assigned DNS serversOverride dynamically assigned DNS servers ServerDNS switch over Enable the Redirect unsupported traffic to optionHandling unsupported traffic To forward unsupported trafficCloning the address of a wired device IP forwardingLimitations Wireless access to the M111 when MAC cloning is active Enabling Ethernet MAC cloningSetting up management traffic interception Management tool TCP portSnmp agent UDP port Select Management SnmpUsing filters to restrict wireless traffic Enable the Wireless traffic filters optionSnmp notifications UDP port Remote log UDP portAssigning a management address To assign a management addressSnmp Attributes V1/v2c communitiesV3 users Managing certificates Notification receivers802.1X Install TLS client certificate PasswordInstall 802.1X certificatesCertificate stores 802.1X Manage TLS client certificates802.1X Trusted CA certificates 802.1X Manage CA certificatesInstalling a new CA certificate Trusted CA certificate storeCA certificate import formats Certificate and private key store END CertificateDefault installed private key/public key certificate chains Specify the Pkcs #12 passwordCertificate usage Changing the certificate assigned to a service About certificate warningsConfiguration file management Manual configuration file managementBackup configuration Reset configuration Restore configurationScheduled operations Software updates Performing an immediate software update Performing a scheduled updateSelect Install Enable Scheduled installWorking with the M111 Regulatory information Manufacturers FCC Declaration of Conformity Statement Countries of Operation & Conditions of Use Operation Using 5 GHz Channels in the European Community GHz OperationSupported External Antennas 5470Indoor or outdoor use 1000 124, 128, 132, 136 Antenna Band GHzDGT LPD Low Power Device Statement Resetting to factory defaults Using the Reset button Using the management toolHow it works Page Technology for better business outcomes