Security
Working with certificates
The controller uses these certificates to validate certificates supplied by:
• Managers or operators accessing the controller’s management tool.
• HTML users accessing the public access interface.
• SOAP clients communicating with the controller’s SOAP server.
• RADIUS EAP
The following information is presented for each certificate in the list:
• ID: A sequentially assigned number to help identify certificates with the same common name.
• Issued to: Name of the certificate holder. Select the name to view the contents of the certificate.
• Current usage: Lists the services that are currently using this certificate.
• CRL: Indicates if a certificate revocation list is bound to the certificate. An X.509 certificate revocation list is a document produced by a certificate authority (CA) that provides a list of serial numbers of certificates that have been signed by the CA but that should be rejected.
• Delete: Select to remove the certificate from the certificate store.
Installing a new CA certificate
1. Specify the name of the certificate file or select Browse to choose from a list. CA certificates must be in X.509 or PKCS #7 format.
2. Select Install to install a new CA certificate.
CA certificate import formats
The import mechanism supports importing the ASN.1 DER encoded X.509 certificate directly or as part of two other formats:
• PKCS #7 (widely used by Microsoft products)
• PEM, defined by OpenSSL (popular in the Unix world)
The CRL can be imported as an ASN.1 DER encoded X.509 certificate revocation list directly or as part of a PEM file.
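A pre-upload check for the import formats described above, as an added example that is not part of this guide or of the controller's software: it identifies whether a file is raw DER, PKCS #7, or PEM by its outer ASN.1 framing. The function names and sample bytes are constructed for illustration; raw DER certificates and CRLs both report as "x509" (only the PEM label tells them apart), and no signature or chain validation is performed.

```python
import base64
import re

# DER encoding (tag, length, value) of OID 1.2.840.113549.1.7.2, PKCS #7 signedData
PKCS7_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

# Constructed skeletons: correct outer ASN.1 framing only, not usable certificates.
CERT_SKELETON = bytes.fromhex("3003300100")
P7_SKELETON = bytes.fromhex("300b") + PKCS7_SIGNED_DATA
PEM_SAMPLE = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(CERT_SKELETON)
              + b"-----END CERTIFICATE-----\n")

def der_header(buf):
    """Return (tag, content_offset, content_length) of the first DER TLV."""
    if len(buf) < 2:
        raise ValueError("truncated DER")
    tag, first = buf[0], buf[1]
    if first < 0x80:                       # short-form length
        return tag, 2, first
    n = first & 0x7F                       # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(buf) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return tag, 2 + n, int.from_bytes(buf[2:2 + n], "big")

def classify_der(buf):
    """Classify one DER blob by its outer ASN.1 structure only."""
    tag, off, length = der_header(buf)
    if tag != 0x30 or off + length != len(buf):
        raise ValueError("not exactly one DER SEQUENCE")
    body = buf[off:]
    if body.startswith(PKCS7_SIGNED_DATA):
        return "pkcs7"
    if body[:1] == b"\x30":                # tbsCertificate or tbsCertList
        return "x509"
    raise ValueError("unrecognised DER structure")

def classify_import_file(data):
    """Return [(pem_label_or_None, kind)] for each object found in the file."""
    blocks = PEM_BLOCK.findall(data)
    if not blocks:                         # no PEM armour: treat as raw DER
        return [(None, classify_der(data))]
    return [(label.decode(), classify_der(base64.b64decode(b64)))
            for label, b64 in blocks]

if __name__ == "__main__":
    for sample in (CERT_SKELETON, P7_SKELETON, PEM_SAMPLE):
        print(classify_import_file(sample))
```

A file that raises ValueError here is neither a single DER object nor PEM-armoured DER, so it is worth inspecting before it is offered to the certificate store.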
| Content and file format | Items carried in the file | Description |
|---|---|---|
| ASN.1 DER encoded X.509 certificate | One X.509 certificate | This is the most basic format supported, the certificate without any envelope. |
| X.509 certificate in PKCS #7 file | One X.509 certificate | Popular format with Microsoft products. |