Wireless Access Point
228 Configuring the Wireless AP
address in the Deny list. The Wireless AP will accept up to 1,000
ACL entries.
PCI DSS or FIPS 140-2 Security — to implement the requirements of
these security standards on the AP, please see “Auditing PCI DSS” on
page 593 or “Implementing FIPS Security” on page 599.
Certificates and Connecting Securely to the WMI
When you point your browser to the AP to connect to the WMI, the AP presents
an X.509 security certificate to the browser to establish a secure channel. One
significant piece of information in the certificate is the AP’s host name. This ties
the certificate to a particular AP and ensures the client that it is connecting to that
host.
Certificate Authorities (CAs) are entities that digitally sign certificates, using their
own certificates (for example, VeriSign is a well-known CA). When the AP
presents its certificate to the client’s browser, the browser looks up the CA that
signed the certificate to decide whether to trust it. Browsers ship with a small set
of trusted CAs already installed. If the browser trusts the certificate’s CA, it
checks to ensure the host name (and IP address) match those on the certificate. If
any of these checks fail, you get a security warning when connecting to the WMI.
The AP ships with a default certificate that is signed by the Xirrus CA. You may
choose to use this certificate, or to use a certificate issued by the CA of your
choice, as described in the following sections:
Using the AP’s Default Certificate
Using an External Certificate Authority