Requesting Certificate from a Third-Party CA
In order to provide trusted network security services to
wireless clients, ClearBox Server must be able to cryptographically
identify itself to clients. To prove its identity to clients, it
sends them its digital certificate during the client login
procedure. This certificate may be issued by creating your own
certificate authority, but if you have already a CA in your
organization (like Active Directory Certificate Authority) or want
to purchase it from some trusted third-party CA, Certificate Wizard
helps you in creating a certificate signing request which is sent
to the CA.
In brief, the process goes as following: Certificate Wizard
creates two files, a private key (you should store it) and a
request containing desired certificate properties and a public key.
This request is sent to an appropriate CA. The CA attests your and
the server identity, creates your server certificate, signs it and
passes back to you. After that Certificates Wizard merges the new
certificate and the stored private key and install them as the
RADIUS server certificate.
Run Certificates Wizard and select the second
Click Next and define server names for the
Select the server certificate validity time span. When expired,
the certificate should be re-issued or renewed.
Define the password which encrypts the private
key. You will be prompted to input this password later on when the
new certificate is be received from a CA,
Click Next. Fill in the fields which describe
the location of ClearBox Server:
Click Next. You are asked where two files
should be saved: the first is the request you have to send to a CA,
the second is the private key file you should store for a
Click Next. After some time depending on the
server machine performance you'll be shown the success message:
Now the certificate signing request is created and ready for
passing to a CA.
You may read step-by-step example of issuing a certificate in
Active Directory CA here.
After the CA creates the new certificate and signs it, you may
proceed with installing it.
Run the wizard and select the third step:
Click Next and specify the location of two
files: the first is the new certificate received from the CA (in
DER- or Base-64 encoded PEM format), the second is the private key
you have stored earlier. Besides, input the private key
The default and recommended behavior is to delete temporary
files, as they are not needed any longer.
Click Next. The necessary RADIUS server
certificate is installed and ready for use. The last step is to
select the server certificate in Configurator. Run
it, select 'TLS Settings' in the left tree. Click 'Select
Select the created certificate from the list and click
Click 'Apply Changes', click
'Save' on the toolbar and restart ClearBox
© 2001-2007 XPerience Technologies. www.xperiencetech.com