Contents

User's Guide
Overview
What It Is
What's New
Key Features List
ClearBox Enterprise vs ClearBox
System Requirements
Purchasing Licenses
Getting Started
Quick Start
Understanding Server Components
Managing User Accounts
Configuring RADIUS Realms
Realm Settings
Realm Rules
Dynamic Realm Rules
Authentication
Authentication Protocols Compatibility
Logging Authentication Packets
Logging Discarded Requests
Authorization
Accounting
Account Log Files
Realm Settings
Configuring SQL Queries
Private RADIUS Attributes
Regular Expressions Syntax
RADIUS Clients
RADIUS Client Settings
Dynamic Clients Settings
SQL Data Sources
SQL Data Source Settings
LDAP Servers
LDAP Server Settings
Remote RADIUS Servers
Remote RADIUS Server Settings
State Servers
State Server Settings
Meta Configuration
Meta Configuration
Meta Configuration Settings
Meta Base Schema
TLS Settings
Creating SSL Certificates
Creating Server Sertificate
Requesting Server Certificate
Creating Client Certificates
Revoking a Certificate or Renewing CRL
Exporting CA Certificate
Issuing a Certificate in Active Directory CA
Remote Configuration
Advanced ISP Billing Integration
DTH Billing Integration
Platypus Billing System Intergration
OnDO SIP Server Integration
How Do I...
Wi-Fi Security
Wireless Authentication
Wi-Fi and RADIUS
Supported EAP Authentication Types
Security Considerations
10 Tips for Wireless Network Security
Administering the Server
Logging
Debug Logs
Troubleshooting
Using Client Tool
List of Server Errors
Maintaining RADIUS Dictionary
Basic Concepts
AAA
Authentication
Wireless Authentication
Authentication Protocols
Authorization
Accounting
RADIUS
RADIUS
Realms
RADIUS Proxy
RADIUS Attributes
Example of RADIUS Packet Transactions
List of Standard RADIUS Attributes
Glossary
Technical Support
Purchasing Licenses
Contacts

 
Home
ClearBox Enterprise Server 2.0 Online Manual
Prev Page Next Page
 
 
ClearBox Enterprise Serverâ„¢ 2.0. User's Guide

Creating Server Certificate

In order to provide trusted network security services to wireless clients, ClearBox Server must be able to cryptographically identify itself to clients. To prove its identity to clients, it sends them its digital certificate during the client login procedure. This certificate may be obtained from some existing certificate authority (which is already exists in your organization or purchased from a commercial CA). Still you may create your own certificate authority and issue the server certificate by yourself. This approach have some disadvantages (say, you should make each wireless client trust your CA) but may become the best choice for initial testing or use with a limited number of clients.

Run Certificates Wizard and select the first option:

Click Next. Type in your root CA name:

It will be shown as a certificate issuer on any certificate it issues (at least, on the server certificate).

Next, define its password. It must not be short (at least 8 characters) and should better contain upper- and lower-case symbols and digits, as loosing this password means invalidating the CA and all certificates it has issued.

Click Next and define server names for the server certificate:

Select the server certificate validity time span. When expired, the certificate should be re-issued or renewed.

Click Next. Fill in the fields which describe the location of ClearBox Server:

Click Next.

After some time depending on the server machine performance you'll be shown the success message:

It means that the root CA and the server certificates are created successfully.

The last step is to select the server certificate in Configurator. Run it, select 'TLS Settings' in the left tree. Click 'Select Certificate...':

Select the created certificate from the list and click OK:

Click 'Apply Changes', click 'Save' on the toolbar and restart ClearBox service.

IMPORTANT NOTE. CA files (public certificate ca.crt and private key ca.pem) are created in <Server installation path>\CA\. Don't remove them if you plan to create or manage client or server certificates. Besides, it's very important to keep ca.pem private (you should better restrict the file access permissions to let only you access it).


© 2001-2007 XPerience Technologies. www.xperiencetech.com
Converted from CHM to HTML with chm2web Pro 2.7 (unicode)