Certificate Store
Server Certificates are small data files that digitally bind a cryptographic key to the details of an entity in order to ensure its authenticity, as well as the security and integrity of any connections with the entity's server. Policy Manager supports multiple EAP (Extensible Authentication Protocol) server certificates. You can tie different server certificates to different Policy Manager RADIUS-based services (for example, Service A can use EAP server certificate A, while Service B can use EAP server certificate B). The Certificate Store allows you to view the Server Certificates; create, modify, delete, and view Certificate Signing Requests (CSRs); and import and export CSRs. A root certificate is a public key certificate that identifies a root certificate authority (CA). A root certificate is the top-most certificate of the certificate tree structure.
The Certificate Store page displays the parameters configured when a self-signed certificate has been created and installed on a ClearPass server. The Server Certificates tab is selected by default. The Policy Manager Certificate Store provides five types of server certificates:
RADIUS/EAP Server Certificates
HTTPS(ECC) Server Certificates (HTTPS using Elliptic Curve Cryptography)
HTTPS(RSA) Server Certificates (HTTPS using RSA cryptography)
RadSec Server Certificates
Database Server Certificates
The availability of these certificate types (internally signed and publicly signed) provides deployment flexibility.
Be aware that if an expired service certificate or EAP server certificate is used with an enabled service, the RADIUS server will not start or reload, and authentication requests will fail on all servers in a cluster. To successfully authenticate, first renew or remove any expired service certificates.
Server Certificate expiration notices begin appearing in the Policy Manager user interface 30 days prior to the expiration date.
HTTPS(ECC) and HTTPS(RSA) certificates can be enabled or disabled by clicking the Enable or Disable buttons in the lower right corner of the Certificate Store window. A disabled certificate cannot be used, and you cannot disable both HTTPS(ECC) and HTTPS(RSA) simultaneously. If both HTTPS(ECC) and HTTPS(RSA) certificates are enabled, any client that supports ECC ciphers will get the HTTPS(ECC) certificate when contacting ClearPass. If you enable ECC certificates, client trust lists should be updated accordingly.
Figure 1 Disabling an enabled Certificate
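The expiry notice and the ECC/RSA distinction above are the same fields an administrator can verify from the command line. The following is an added example, not ClearPass or HPE Aruba code; it assumes the openssl CLI is installed, generates constructed self-signed ECC and RSA certificates (the Subject values are made up), and reports the Certificate Store summary columns for each, flagging the 30-day expiry window.

```shell
#!/bin/sh
# Added example (not ClearPass code): reproduce the Certificate Store summary
# fields (Subject, Issued by, Issue Date, Expiry Date, Public Key Algorithm,
# Validity Status) for a PEM certificate with the openssl CLI, and flag the
# 30-day window in which Policy Manager shows expiration notices.
set -e

THIRTY_DAYS=$((30 * 24 * 60 * 60))

# Generate a self-signed certificate in the style of the Certificate Store's
# self-signed certs: $1 = key type (ec|rsa), $2 = output PEM file, $3 = days.
# The Subject below is a constructed sample value.
make_self_signed() {
  case "$1" in
    ec)  keyopts="-newkey ec -pkeyopt ec_paramgen_curve:prime256v1" ;;
    rsa) keyopts="-newkey rsa:2048" ;;
    *)   echo "unknown key type: $1" >&2; return 1 ;;
  esac
  # $keyopts is intentionally unquoted so it splits into separate arguments.
  openssl req -x509 $keyopts -nodes -days "$3" \
    -subj "/O=Example Corp/CN=cppm.example.com" \
    -keyout "${2%.pem}.key" -out "$2" >/dev/null 2>&1
}

# Public Key Algorithm column: id-ecPublicKey for an HTTPS(ECC)-style
# certificate, rsaEncryption for an HTTPS(RSA)-style certificate.
pubkey_algorithm() {
  openssl x509 -in "$1" -noout -text | sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1
}

# Validity Status column plus the 30-day expiration notice.
# "openssl x509 -checkend N" exits 0 only if the cert is still valid N seconds from now.
validity_status() {
  if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
    echo "Invalid"
  elif ! openssl x509 -in "$1" -noout -checkend "$THIRTY_DAYS" >/dev/null 2>&1; then
    echo "Valid (expires within 30 days)"
  else
    echo "Valid"
  fi
}

# Print the same summary the Server Certificates tab shows for one certificate.
cert_summary() {
  echo "== $1"
  openssl x509 -in "$1" -noout -subject -issuer -startdate -enddate -nameopt RFC2253 \
    | sed -e 's/^subject=/Subject:     /' -e 's/^issuer=/Issued by:   /' \
          -e 's/^notBefore=/Issue Date:  /' -e 's/^notAfter=/Expiry Date: /'
  echo "Public Key Algorithm: $(pubkey_algorithm "$1")"
  echo "Validity Status: $(validity_status "$1")"
}

WORK=$(mktemp -d)
make_self_signed ec  "$WORK/https-ecc.pem" 365   # HTTPS(ECC)-style certificate
make_self_signed rsa "$WORK/https-rsa.pem" 365   # HTTPS(RSA)-style certificate
make_self_signed rsa "$WORK/expiring.pem"  10    # inside the 30-day notice window
for c in "$WORK"/*.pem; do cert_summary "$c"; done
```

To check an exported ClearPass server certificate, call cert_summary on its PEM file; a certificate reported Invalid is the expired case that prevents the RADIUS server from starting.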
Viewing the Server Certificates
To view the Server Certificates available for the current Policy Manager server:
1. Navigate to Administration > Certificates > Certificate Store.
The Certificate Store page opens to the Server Certificates tab.
Figure 2 Certificate Store > Server Certificates Page
RADIUS/EAP Server Certificate
The following table provides a summary of the RADIUS/EAP Server Certificate parameters:

| Parameter | Action/Description |
| --- | --- |
| Select Server | Select a Policy Manager server in the cluster for server certificate operations. From the publisher, you can select the publisher or any of the subscriber nodes. |
| Select Usage | Select RADIUS/EAP Server Certificate. |
| Subject | Displays the Organization and Common Name. |
| Issued by | Displays the Organization and Common Name that issued this certificate. |
| Issue Date | Displays the date the self-signed certificate is installed. |
| Expiry Date | Displays the date when the self-signed certificate expires. |
| Public Key Algorithm | Public key algorithm type used by this certificate. |
| Certificate enabled | Indicates whether or not the certificate is enabled. |
| Validity Status | Displays the validity status of the self-signed certificate: Valid or Invalid. |
Viewing Server Certificate Details
Click the button to view details about the certificate, such as the signature algorithm and subject public key info. To view the Server Certificate details:
1. Navigate to Administration > Certificates > Certificate Store.
The Server Certificate summary information is displayed.
2. Click the button.
The Server Certificate Details window opens.
Figure 3 Server Certificate Details
3. When finished viewing the information, close the window.
HTTPS(ECC) Server Certificate
The HTTPS(ECC) Server Certificate page displays the parameters configured after a self-signed HTTPS(ECC) Server Certificate has been created and installed. To access the HTTPS(ECC) Server Certificate:
1. Navigate to the Administration > Certificates > Certificate Store > Server Certificates tab.
2. From the Select Usage drop-down, choose HTTPS(ECC) Server Certificate.
The HTTPS(ECC) Server Certificate page opens.
Figure 4 HTTPS(ECC) Server Certificate Page
The following table describes the HTTPS(ECC) Server Certificate parameters:
| Parameter | Action/Description |
| --- | --- |
| Subject | Displays the Organization and Common Name. |
| Issued by | Displays the Organization and Common Name that issued the server certificate. |
| Issue Date | Displays the date the self-signed certificate is installed. |
| Expiry Date | Displays the date when the self-signed certificate expires. |
| Validity Status | Displays the validity status of the self-signed certificate. |
| Public Key Algorithm | Algorithm type used by the certificate. |
| Certificate Enabled | Indicates whether or not the certificate is enabled in the certificate store. |
| Details | To view details about the certificate, such as Signature Algorithm and Subject Public Key Info, click the button. |
HTTPS(RSA) Server Certificate
The HTTPS(RSA) Server Certificate page displays the parameters configured after a self-signed HTTPS(RSA) Server Certificate has been created and installed. To access the HTTPS(RSA) Server Certificate:
1. Navigate to the Administration > Certificates > Certificate Store > Server Certificates tab.
2. From the Select Usage drop-down, choose HTTPS(RSA) Server Certificate.
The HTTPS(RSA) Server Certificate page opens.
Figure 5 HTTPS(RSA) Server Certificate Page
The following table describes the HTTPS(RSA) Server Certificate parameters:
| Parameter | Action/Description |
| --- | --- |
| Subject | Displays the Organization and Common Name. |
| Issued by | Displays the Organization and Common Name that issued the server certificate. |
| Issue Date | Displays the date the self-signed certificate is installed. |
| Expiry Date | Displays the date when the self-signed certificate expires. |
| Validity Status | Displays the validity status of the self-signed certificate. |
| Public Key Algorithm | Algorithm type used by the certificate. |
| Certificate Enabled | Indicates whether or not the HTTPS(RSA) certificate is enabled in the certificate store. |
| Details | To view details about the certificate, such as Signature Algorithm and Subject Public Key Info, click the button. |
RadSec Server Certificate
RADIUS-over-TLS (Transport Layer Security), or RadSec, employs a TLS tunnel to enable secure communication between the controller and a Policy Manager server. Employing RADIUS communication over TLS increases the level of security for authentication. When configured, the RadSec protocol is used to safely transmit authentication and accounting data across the network.
To access the RadSec Server Certificate:
1. Navigate to the Administration > Certificates > Certificate Store > Server Certificates tab.
2. From the Select Usage drop-down, choose RadSec Server Certificate.
The RadSec Server Certificate page opens.
Figure 6 RadSec Server Certificate Page
The following table describes the RadSec Server Certificate parameters:
| Parameter | Action/Description |
| --- | --- |
| Select Server | Select a Policy Manager server in the cluster for server certificate operations. |
| Select Usage | Select RadSec Server Certificate. |
| Subject | Displays the Organization and Common Name. |
| Issued by | Displays the Organization and Common Name that issued this certificate. |
| Issue Date | Displays the date the self-signed certificate is installed. |
| Expiry Date | Displays the date when the self-signed certificate expires. |
| Public Key Algorithm | Algorithm type used by the certificate. |
| Certificate Enabled | Indicates whether or not the RadSec server certificate is enabled in the certificate store. |
| Validity Status | Displays the validity status of the self-signed certificate: Valid or Invalid. |
Database Server Certificate
To access the Database Server Certificate:
1. Navigate to the Administration > Certificates > Certificate Store > Server Certificates tab.
2. From the Select Usage drop-down, choose Database Server Certificate. The Database Server Certificate page opens.
Figure 7 Database Server Certificate Page
The following table describes the Database Server Certificate parameters:
| Parameter | Action/Description |
| --- | --- |
| Select Server | Select a Policy Manager server in the cluster for server certificate operations. |
| Select Usage | Select Database Server Certificate. |
| Subject | Displays the Organization and Common Name. |
| Issued by | Displays the Organization and Common Name that issued this certificate. |
| Issue Date | Displays the date the self-signed certificate is installed. |
| Expiry Date | Displays the date when the self-signed certificate expires. |
| Public Key Algorithm | Algorithm type used by the certificate. |
| Certificate Enabled | Indicates whether or not the database server certificate is enabled in the certificate store. |
| Validity Status | Displays the validity status of the self-signed certificate: Valid or Invalid. |

Network administrators must restart the Policy Manager server after changing the Database certificate to ensure that all client database connections are reestablished when the database comes back up.