Certificate Store

About the Certificate Store

Server Certificates are small data files that digitally bind a cryptographic key to the details of an entity in order to ensure its authenticity, as well as the security and integrity of any connections with the entity's server. Policy Manager supports multiple EAP (Extensible Authentication Protocol) server certificates. You can tie different server certificates to different Policy Manager RADIUS (Remote Authentication Dial-In User Service)-based services (for example, Service A can use EAP server certificate A, while Service B can use EAP server certificate B). The Certificate Store allows you to view the Server Certificates, create, modify, delete, and view Certificate Signing Requests (CSRs), as well as import and export CSRs. A root certificate is a public key certificate that identifies a root certificate authority (CA). A root certificate is the top-most certificate of the certificate tree structure.

Viewing the Server Certificates

The Server Certificates page displays the parameters configured when a self-signed certificate has been created and installed on a Policy Manager server. The RADIUS/EAP Server Certificate is selected by default.

The Policy Manager Certificate Store provides four types of server certificates.

RADIUS/EAP Server Certificate

HTTPS Server Certificate

RadSec Server Certificate

Database Server Certificate

The availability of these certificate types (internally signed and publicly signed) provides deployment flexibility.

 

Server Certificate expiration notices begin appearing in the Policy Manager user interface 30 days prior to the expiration date.

To view the Server Certificates available for the current Policy Manager server:

1. Navigate to Administration > Certificates > Certificate Store.

The Certificate Store page opens to the Server Certificate tab:

Figure 1  Certificate Store > Server Certificates Page

RADIUS/EAP Server Certificate

The following table provides a summary of the RADIUS/EAP Server Certificate parameters:

Table 1: Summary of RADIUS/EAP Server Certificate Parameters

| Parameter | Action/Description |
| --- | --- |
| Select Server | Select a Policy Manager server in the cluster for server certificate operations. NOTE: From the publisher, you can select the publisher or any of the subscriber nodes. |
| Select Usage | Select RADIUS/EAP Server Certificate. |
| Subject | Displays the Organization and Common Name. |
| Issued by | Displays the Organization and Common Name that issued this certificate. |
| Issue Date | Displays the date the self-signed certificate is installed. |
| Expiry Date | Displays the date (in days) when the self-signed certificate expires. |
| Validity Status | Displays the validity status of the self-signed certificate: Valid or Invalid. |

Viewing Server Certificate Details

Click the View Details button to view details about the certificate, such as Signature Algorithm, Subject Public Key Info, etc.

To view the Server Certificate details:

1. Navigate to Administration > Certificates > Certificate Store.

The Server Certificate summary information is displayed.

2. Click View Details.

The Certificate Details window opens.

Figure 2  Server Certificate Details

3. When finished viewing the information, click Close.
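The summary fields shown on the Server Certificates tab (Subject, Issued by, Issue Date, Expiry Date) and the 30-day expiration notice can be cross-checked outside the UI against a PEM copy of the certificate. The script below is an added example, not Policy Manager code: it assumes the openssl CLI is installed, and the status labels, function names, organization and host name are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Policy Manager code). Assumes the openssl CLI is installed.
WARN_DAYS=30   # notice window stated on this page

# cert_field FILE FIELD: print the subject, issuer, startdate or enddate value
cert_field() {
    openssl x509 -in "$1" -noout "-$2" | sed 's/^[A-Za-z]*= *//'
}

# cert_is_self_signed FILE: succeeds when Subject equals Issued by
# (a name comparison, which is how a self-signed certificate appears in the summary)
cert_is_self_signed() {
    [ "$(cert_field "$1" subject)" = "$(cert_field "$1" issuer)" ]
}

# cert_status FILE: EXPIRED, EXPIRING (inside the notice window) or VALID
cert_status() {
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null; then
        echo EXPIRED
    elif ! openssl x509 -in "$1" -noout -checkend $((WARN_DAYS * 86400)) >/dev/null; then
        echo EXPIRING
    else
        echo VALID
    fi
}

# cert_report FILE: print the same summary fields the Server Certificates tab lists
cert_report() {
    echo "Subject:     $(cert_field "$1" subject)"
    echo "Issued by:   $(cert_field "$1" issuer)"
    echo "Issue Date:  $(cert_field "$1" startdate)"
    echo "Expiry Date: $(cert_field "$1" enddate)"
    cert_is_self_signed "$1" && echo "Self-signed: yes" || echo "Self-signed: no"
    echo "Status:      $(cert_status "$1")"
}

# make_sample_cert FILE DAYS: constructed self-signed certificate for the demo
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/O=Example Org/CN=cppm.example.test" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

# Demo on a constructed certificate that expires in 10 days
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/soon.pem" 10
cert_report "$demo_dir/soon.pem"
rm -rf "$demo_dir"
```

Run `cert_report` against each exported server certificate (RADIUS/EAP, HTTPS, RadSec, Database) to spot any that are inside the notice window before the UI warning is seen.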

HTTPS Server Certificate

The HTTPS Server Certificate page displays the parameters configured after a self-signed HTTPS Server Certificate has been created and installed.

With an HTTPS connection, all communications are securely encrypted. The major benefits of an HTTPS certificate are:

Customer information (such as credit card numbers) is encrypted and cannot be intercepted.

Visitors can verify you are a registered business and that you own the domain.

Customers are more likely to trust and complete transactions from sites that use HTTPS.

To access the HTTPS Server Certificate:

1. Navigate to the Administration > Certificates > Certificate Store > Server Certificates tab.

2. From the Select Usage drop-down, choose HTTPS Server Certificate.

The HTTPS Server Certificate page opens.

Figure 3  HTTPS Server Certificate Page

The following table describes the HTTPS Server Certificate parameters:

Table 2: HTTPS Server Certificate Parameters

| Parameter | Action/Description |
| --- | --- |
| Select Server | Select a Policy Manager server in the cluster for server certificate operations. |
| Select Usage | Select HTTPS Server Certificate. |
| Subject | Displays the Organization and Common Name. |
| Issued by | Displays the Organization and Common Name that issued the server certificate. |
| Issue Date | Displays the date the self-signed certificate is installed. |
| Expiry Date | Displays the date when the self-signed certificate expires. |
| Validity Status | Displays the validity status of the self-signed certificate. |
| Details | To view details about the certificate, such as Signature Algorithm and Subject Public Key Info, click the View Details button. |

RadSec Server Certificate

RADIUS-over-TLS (Transport Layer Security), or RadSec, employs a TLS tunnel to enable secure communication between the controller and a Policy Manager server. Employing RADIUS communication over TLS increases the level of security for authentication. When configured, the RadSec protocol is used to safely transmit authentication and accounting data across the network.

To access the RadSec Server Certificate:

1. Navigate to the Administration > Certificates > Certificate Store > Server Certificates tab.

2. From the Select Usage drop-down, choose RadSec Server Certificate.

The RadSec Server Certificate page opens.

Figure 4  RadSec Server Certificate Page

The following table describes the RadSec Server Certificate parameters:

Table 3: Summary of RadSec Server Certificate Parameters

| Parameter | Action/Description |
| --- | --- |
| Select Server | Select a Policy Manager server in the cluster for server certificate operations. |
| Select Usage | Select RadSec Server Certificate. |
| Subject | Displays the Organization and Common Name. |
| Issued by | Displays the Organization and Common Name that issued this certificate. |
| Issue Date | Displays the date the self-signed certificate is installed. |
| Expiry Date | Displays the date (in days) when the self-signed certificate expires. |
| Validity Status | Displays the validity status of the self-signed certificate: Valid or Invalid. |

Database Server Certificate

To access the Database Server Certificate:

1. Navigate to the Administration > Certificates > Certificate Store > Server Certificates tab.

2. From the Select Usage drop-down, choose Database Server Certificate. The Database Server Certificate page opens.

Figure 5  Database Server Certificate Page

The following table describes the Database Server Certificate parameters:

Table 4: Summary of Database Server Certificate Parameters

| Parameter | Action/Description |
| --- | --- |
| Select Server | Select a Policy Manager server in the cluster for server certificate operations. |
| Select Usage | Select Database Server Certificate. |
| Subject | Displays the Organization and Common Name. |
| Issued by | Displays the Organization and Common Name that issued this certificate. |
| Issue Date | Displays the date the self-signed certificate is installed. |
| Expiry Date | Displays the date (in days) when the self-signed certificate expires. |
| Validity Status | Displays the validity status of the self-signed certificate: Valid or Invalid. |

 

Network administrators must restart the Policy Manager server after changing the Database certificate to ensure that all client database connections are reestablished when the database comes back up.