Certificate Store
About the Certificate Store
Server Certificates are small data files that digitally bind a cryptographic key to the details of an entity in order to ensure its authenticity, as well as the security and integrity of any connections with the entity's server. Policy Manager supports multiple EAP (Extensible Authentication Protocol) server certificates. You can tie different server certificates to different Policy Manager RADIUS (Remote Authentication Dial-In User Service)-based services (for example, Service A can use EAP server certificate A, while Service B can use EAP server certificate B). The Certificate Store allows you to view the Server Certificates, create, modify, delete, and view Certificate Signing Requests (CSRs), as well as import and export CSRs. A root certificate is a public key certificate that identifies a root certificate authority (CA). A root certificate is the top-most certificate of the certificate tree structure.
Viewing the Server Certificates
The page displays the parameters configured when a self-signed certificate has been created and installed on a Policy Manager server. The is selected by default.
The Policy Manager Certificate Store provides four types of server certificates.
RADIUS/EAP Server Certificate
RadSec Server Certificate
Database Server Certificate
The availability of these certificate types (internally signed and publicly signed) provides deployment flexibility.
Server Certificate expiration notices begin appearing in the Policy Manager user interface 30 days prior to the expiration date.
To view the Server Certificates available for the current Policy Manager server:
1. Navigate to Administration > Certificates > Certificate Store.
The page opens to the tab:
Figure 1 Certificate Store > Server Certificates Page
RADIUS/EAP Server Certificate
The following table provides a summary of the parameters:
Parameter | Action/Description
Select Server | Select a Policy Manager server in the cluster for server certificate operations. From the publisher, you can select the publisher or any of the subscriber nodes.
Select Usage | Select .
Subject | Displays the Organization and Common Name.
Issued by | Displays the Organization and Common Name that issued this certificate.
Issue Date | Displays the date the self-signed certificate is installed.
Expiry Date | Displays the date (in days) when the self-signed certificate expires.
Validity Status | Displays the validity status of the self-signed certificate: Valid or Invalid.
Viewing Server Certificate Details
Click the button to view details about the certificate, such as signature algorithm, subject public key info, etc.
To view the Server Certificate details:
1. Navigate to Administration > > Certificates > Certificate Store.
The Server Certificate summary information is displayed.
2. Click .
The window opens.
Figure 2 Server Certificate Details
3. When finished viewing the information, click .
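The summary fields (Subject, Issued by, Issue Date, Expiry Date) and the detail fields (signature algorithm, public key) described above can also be read from a certificate file with the openssl CLI. The script below is an added example, not part of the original documentation or of Policy Manager: it assumes a PEM-encoded certificate and an installed openssl, and the sample certificate, its subject, the function names, and the status labels are constructed for illustration.

```shell
#!/bin/sh
# Added example, not vendor tooling: read a server certificate's summary and
# detail fields with the openssl CLI and apply a 30-day expiry warning window.

WARN_SECONDS=$((30 * 24 * 3600))  # 30 days, the notice period the page states

# Constructed self-signed certificate valid for $1 days at path $2 (placeholder subject).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$1" \
        -subj "/O=Example Org/CN=policy-manager.example.test" \
        -keyout "$2.key" -out "$2" 2>/dev/null
}

# Subject, issuer, issue date and expiry date, one per line.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -issuer -startdate -enddate
}

# Signature algorithm and public key size from the full text dump.
cert_details() {
    openssl x509 -in "$1" -noout -text |
        grep -E 'Signature Algorithm|Public-Key' | sed 's/^ *//' | sort -u
}

# Echo "expired", "expiring" (inside the 30-day window) or "ok".
expiry_status() {
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null; then
        echo "expired"
    elif ! openssl x509 -in "$1" -noout -checkend "$WARN_SECONDS" >/dev/null; then
        echo "expiring"
    else
        echo "ok"
    fi
}

# Succeeds when subject and issuer are identical (a self-issued certificate).
is_self_issued() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^[a-z]*= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^[a-z]*= *//')
    [ "$s" = "$i" ]
}

# Demo on a constructed certificate that expires in 10 days.
tmp=$(mktemp -d)
make_sample_cert 10 "$tmp/demo.pem"
cert_summary "$tmp/demo.pem"
cert_details "$tmp/demo.pem"
echo "status: $(expiry_status "$tmp/demo.pem")"
rm -rf "$tmp"
```

The status labels printed here are the example's own and are not the Valid/Invalid values shown in the Validity Status column.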
HTTPS Server Certificate
The page displays the parameters configured after a self-signed certificate with an HTTPS Server Certificate has been created and installed.
With an HTTPS connection, all communications are securely encrypted. The major benefits of an HTTPS certificate are:
Customer information (such as credit card numbers) is encrypted and cannot be intercepted.
Visitors can verify you are a registered business and that you own the domain.
Customers are more likely to trust and complete transactions from sites that use HTTPS.
To access the HTTPS Server Certificate:
1. Navigate to the > > > tab.
2. From the drop-down, choose .
The page opens.
Figure 3 HTTPS Server Certificate Page
The following table describes the parameters:
Parameter | Action/Description
Select Server | Select a Policy Manager server in the cluster for server certificate operations.
Select Usage | Select .
Subject | Displays the Organization and Common Name.
Issued by | Displays the Organization and Common Name that issued the server certificate.
Issue Date | Displays the date the self-signed certificate is installed.
Expiry Date | Displays the date when the self-signed certificate expires.
Validity Status | Displays the validity status of the self-signed certificate.
Details | To view details about the certificate, such as Signature Algorithm and Subject Public Key Info, click the button.
RadSec Server Certificate
RADIUS-over-TLS (Transport Layer Security), or RadSec, employs a TLS tunnel to enable secure communication between the controller and a Policy Manager server. Employing RADIUS communication over TLS increases the level of security for authentication. When configured, the RadSec protocol is used to safely transmit authentication and accounting data across the network.
To access the RadSec Server Certificate:
1. Navigate to the > > > tab.
2. From the drop-down, choose .
The page opens.
Figure 4 RadSec Server Certificate Page
The following table describes the parameters:
Parameter | Action/Description
Select Server | Select a Policy Manager server in the cluster for server certificate operations.
Select Usage | Select .
Subject | Displays the Organization and Common Name.
Issued by | Displays the Organization and Common Name that issued this certificate.
Issue Date | Displays the date the self-signed certificate is installed.
Expiry Date | Displays the date (in days) when the self-signed certificate expires.
Validity Status | Displays the validity status of the self-signed certificate: Valid or Invalid.
Database Server Certificate
To access the Database Server Certificate:
1. Navigate to the > > > tab.
2. From the drop-down, choose . The page opens.
Figure 5 Database Server Certificate Page
The following table describes the parameters:
Parameter | Action/Description
Select Server | Select a Policy Manager server in the cluster for server certificate operations.
Select Usage | Select .
Subject | Displays the Organization and Common Name.
Issued by | Displays the Organization and Common Name that issued this certificate.
Issue Date | Displays the date the self-signed certificate is installed.
Expiry Date | Displays the date (in days) when the self-signed certificate expires.
Validity Status | Displays the validity status of the self-signed certificate: Valid or Invalid.
Network administrators must restart the Policy Manager server after changing the Database certificate to ensure that all client database connections are reestablished when the database comes back up.