EasyLAN Wireless Interface Kit Installation Instructions 35
Chapter 4 — Setup in Fingerprint
• CA Certifi cate (TTLS and PEAP only): A certifi cate which should
contain the public key corresponding to the private key that was used
to sign the server's certifi cate, or the top certifi cate in a chain leading
to the server's certifi cate. e default is /rom/intermec.cer, provided
by Intermec and delivered with fi rmware containing the supplicant
functionality. e default certifi cate can be overridden by loading
another certifi cate in PEM, DER (.der, .cer), or PKCS #12 (.p12,
.pfx) format.
• Two Common names (TTLS and PEAP only): Two diff erent
common names may be confi gured. If both are empty, the supplicant
will accept certifi cates regardless of the server certifi cate's common
name. If the fi rst common name is confi gured, the common name
(CN) of the server's certifi cate must match the fi rst common name.
If both common names are confi gured, the server's certifi cate must
match one of them. e default is “” (accepts any common name).
• Validate server certifi cate (TTLS and PEAP only): Verifi es that the
installed CA certifi cate is the root of the server certifi cate. e default
is ON.
Note: Adverse eff ects on validation can occur if a real-time
clock (RTC) is not installed. Without an RTC, the current
time cannot be reliably read and validation does not take into
account the current date. Validation may still occur, but less
reliably than with an RTC.
For all 802.1x parameters, string length is limited to 96 characters.
For all parameters applicable to TTLS or PEAP: Selecting another EAP-
type disables these parameters, but does not erase their settings.
Using Certifi cates
When an overriding certifi cate is installed, it is converted to DER format
and copied to a specifi c location (/c/ADMIN/root.cer) so that accidental
removal is unlikely. You do not need to keep additional copies of the
certifi cate on the printer after you install the certifi cate.
Some certifi cate formats (notably PKCS #12) encrypt data using a pass
phrase. To import certifi cates that include anything other than an empty
pass phrase, the pass phrase is given in the same string as the path to the
certifi cate fi le. e pass phrase is never stored on the printer and is used
only once to convert the public key to a non-encrypted format.
To Next Page
Loading...
Need help?
General
Weight and Dimensions
