Creating Server Certificate
In order to provide trusted network security services to
wireless clients, ClearBox Server must be able to cryptographically
identify itself to clients. To prove its identity to clients, it
sends them its digital certificate during the client login
procedure. This certificate may be obtained from some existing
certificate authority (which is already exists in your organization
or purchased from a commercial CA). Still you may create your own
certificate authority and issue the server certificate by yourself.
This approach have some disadvantages (say, you should make each wireless client trust your
CA) but may become the best choice for initial testing or use
with a limited number of clients.
Run Certificates Wizard and select the first
Click Next. Type in your root CA name:
It will be shown as a certificate issuer on any certificate it
issues (at least, on the server certificate).
Next, define its password. It must not be short (at least 8
characters) and should better contain upper- and lower-case symbols
and digits, as loosing this password means invalidating the CA and
all certificates it has issued.
Click Next and define server names for the
Select the server certificate validity time span. When expired,
the certificate should be re-issued or renewed.
Click Next. Fill in the fields which describe
the location of ClearBox Server:
After some time depending on the server machine performance
you'll be shown the success message:
It means that the root CA and the server certificates are
The last step is to select the server certificate in
Configurator. Run it, select 'TLS Settings' in the
left tree. Click 'Select Certificate...':
Select the created certificate from the list and click
Click 'Apply Changes', click
'Save' on the toolbar and restart ClearBox
IMPORTANT NOTE. CA files (public certificate
ca.crt and private key ca.pem) are created in <Server
installation path>\CA\. Don't remove them if you plan
to create or manage client or server certificates. Besides, it's
very important to keep ca.pem private (you should better restrict
the file access permissions to let only you access it).
© 2001-2007 XPerience Technologies. www.xperiencetech.com