Manualshelf

Setup guide

ManualsBrandsD-Link ManualsComputer equipmentDWL-500 - 11Mb Wireless LAN PCI Network Card
341342343344345346347348349350
Notes
Server certificates may have ca property set to no, but Certificate Authority certificates must have it
set to yes
Certificates and encrypted private keys are imported from and exported to the router's FTP server.
Public keys are not stored on a router in unencrypted form. Cached decrypted private keys are
stored in encrypted form, using key that is derived from the router ID. Passphrases are not stored on
router.
Configuration backup does not include cached decrypted private keys. After restoring backup all
certificates with private keys must be decrypted again, using decrypt command with the correct
passphrase.
Example
To import a certificate and the respective private key already uploaded on the router:
[admin@Wandy] certificate> import
passphrase: xxxx
certificates-imported: 1
private-keys-imported: 1
files-imported: 2
decryption-failures: 0
keys-with-no-certificate: 1
[admin@Wandy] certificate> print
Flags: K - decrypted-private-key, Q - private-key, R - rsa, D - dsa
0 QR name="cert1" subject=C=LV,ST=.,O=.,CN=cert.test.mt.lv
issuer=C=LV,ST=.,O=.,CN=third serial-number="01"
invalid-before=sep/17/2003 11:56:19 invalid-after=sep/16/2004 11:56:19
ca=yes
[admin@Wandy] certificate> decrypt
passphrase: xxxx
keys-decrypted: 1
[admin@Wandy] certificate> print
Flags: K - decrypted-private-key, Q - private-key, R - rsa, D - dsa
0 KR name="cert1" subject=C=LV,ST=.,O=.,CN=cert.test.mt.lv
issuer=C=LV,ST=.,O=.,CN=third serial-number="01"
invalid-before=sep/17/2003 11:56:19 invalid-after=sep/16/2004 11:56:19
ca=yes
[admin@Wandy] certificate>
Now the certificate may be used by HotSpot servlet:
[admin@Wandy] ip service> print
Flags: X - disabled, I - invalid
# NAME PORT ADDRESS CERTIFICATE
0 telnet 23 0.0.0.0/0
1 ftp 21 0.0.0.0/0
2 www 8081 0.0.0.0/0
3 hotspot 80 0.0.0.0/0
4 ssh 22 0.0.0.0/0
5 hotspot-ssl 443 0.0.0.0/0 none
[admin@Wandy] ip service> set hotspot-ssl certificate=
cert1 none
[admin@Wandy] ip service> set hotspot-ssl certificate=cert1
[admin@Wandy] ip service> print
Flags: X - disabled, I - invalid
# NAME PORT ADDRESS CERTIFICATE
0 telnet 23 0.0.0.0/0
1 ftp 21 0.0.0.0/0
2 www 8081 0.0.0.0/0
3 hotspot 80 0.0.0.0/0