Motorola 2.1 - Configuring Automatic Certificate Issuing; Requesting a Server Certificate

To Next Page

To Previous Page

Chapter 2: Network Setup

Verify correct installation of CA services.

Once installation is complete:

• Verify correct installation by opening the Certificates (Local Computer). Click Start |

Run | and type MMC.exe. Press enter.

• Browse to the certificate store by selecting: Console / Add/Remove Snap-in / Add… /

Certificates / Computer Account.

Result: The select PC dialog appears.

• Select Local Computer.

• Ensure that the new CA certificate is stored in the Trusted Root Certification Authorities

/ Certificates folder. You should see a trusted root certificate called radius.

Click on the personal folder and click on certificates. Delete the auto generated

certificate called radius. We will re-create this later.

Verify that the certificate services web interface is functional.

Using another computer on the network, connect to the certificate server's certificate services

interface at URL: http://172.31.0.21/certsrv.

Configuring Automatic Certificate Issuing

Procedure 2-7 describes how to configure whether or not an administrator needs to approve

certificate requests (manual or automatic issuing).

Procedure 2-7 Configuring Automatic Certificate Issuing

Open the Certification Authority item by selecting Control Panel / Administrative Tools.

Right click on the name of your local root CA server in the tree view and select Properties.

Open the Policy Module tab and click the Properties… button.

Select the radio button labeled Follow the settings in the certificate template, if applicable.

Otherwise, automatically issue the certificate from the Request Handling tab.

Restart the Certificate Services to have the changes take effect.

• Selecting Control Panel / Administrative Tools / Services.

• Select and restart the Certificate Services service.

Requesting a Server Certificate

The procedure to request a certificate for a network server creates a digital certificate for the

RADIUS server to use for EAP-TTLS authentication.

A server certificate signed by our new CA as well as a copy of the trusted root certificate must

be installed on the RADIUS server. Procedure 5-6 describes how to generate a server

certificate. You must have administrator access on this computer to install the certificates in

the local computer store (required).

2-26

Related product manuals