DWS-1008 User’s Manual
D-Link Systems, Inc.
Managing Keys and Certificates
A digital certificate is a form of electronic identification for computers. The DWS-1008 switch
requires digital certificates to authenticate itself to Extensible Authentication Protocol (EAP)
clients for which the switch performs all EAP processing. Certificates can be generated on the
switch or obtained from a certificate authority (CA). The public key carried in a certificate,
together with the matching private key held by its owner, allows the switch, its servers, and its
wireless clients to exchange information secured by encryption.
Note: Before installing a certificate, verify with the show timedate and show timezone
commands that the switch is set to the correct date, time, and time zone. A certificate carries
a validity period that is checked against the switch's clock, so with the wrong date or time
certificates might not be installed correctly, and a certificate generated on the switch while
its clock is wrong can be rejected by clients whose clocks are correct.
Why Use Keys and Certificates?
Certain switch operations require the use of public-private key pairs and digital certificates.
For every user for whom the switch itself performs IEEE 802.1X EAP authentication, a
public-private key pair and a digital certificate must be installed on the switch.
These keys and certificates are fundamental to securing wireless, wired-authentication, and
administrative connections: the EAP exchange they protect is what derives the per-session
keys used for Wi-Fi Protected Access (WPA) encryption and dynamic Wired Equivalent Privacy
(WEP) encryption.
Wireless Security through TLS
For wireless or wired-authentication 802.1X users whose authentication is performed by the
switch, the first stage of any EAP transaction is Transport Layer Security (TLS) authentication
and encryption.
TLS allows the client to authenticate the switch (and optionally allows the switch to authenticate
the client) through the use of digital signatures. A digital signature requires a public-private key
pair: the signature is created with the private key and verified with the public key carried in the
signer's certificate. TLS then performs a secure key exchange, from which the keys that encrypt
the rest of the session are derived.
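The following Go program is an added example written for this edition of the manual; it is not D-Link's code and does not run on the switch. It models in Go's crypto/tls the two points made above: a certificate's validity period is stamped from the clock of whoever generates it (the reason for the note on date, time, and time zone), and an 802.1X client authenticates the switch by verifying that certificate during the TLS handshake. A lab CA with a correct clock issues the switch's certificate; the switch's clock at generation time and the client's clock are passed in explicitly, and the handshake runs over loopback TCP on the same host. The CA name "DWS-1008 Lab CA", the switch name "dws-1008.example.net", and the dates are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// check panics on setup errors, which are programming errors in this example.
func check(err error) {
	if err != nil {
		panic(err)
	}
}

// newCert issues a certificate for name whose validity window is stamped from the caller's
// clock, exactly as a switch does when it generates one. With parent == nil the result is a
// self-signed CA; otherwise parent and parentKey sign it, as a CA signs a switch certificate.
func newCert(name string, notBefore, notAfter time.Time,
	parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	signer, signerKey := tmpl, key // self-signed unless a parent is given
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else { // a leaf the switch presents as TLS server; clients match ServerName against this SAN
		tmpl.DNSNames = []string{name}
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// handshake runs one TLS handshake over loopback TCP: the switch side presents swCert; the client trusts
// only root and checks the chain as of clientClock. Returns the switch's CommonName as the client saw it.
func handshake(swCert *x509.Certificate, swKey *ecdsa.PrivateKey, root *x509.Certificate, clientClock time.Time) (peerCN string, err error) {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	serverConf := &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{swCert.Raw}, PrivateKey: swKey}},
	}
	clientConf := &tls.Config{
		RootCAs:    pool,
		ServerName: swCert.Subject.CommonName,
		Time:       func() time.Time { return clientClock }, // the supplicant's idea of "now"
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	check(err)
	defer ln.Close()
	srvDone := make(chan error, 1)
	go func() { // the switch side: accept one connection and run its half of the handshake
		conn, err := ln.Accept()
		check(err)
		s := tls.Server(conn, serverConf)
		srvDone <- s.Handshake()
		s.Close()
	}()
	raw, err := net.Dial("tcp", ln.Addr().String())
	check(err)
	c := tls.Client(raw, clientConf)
	defer c.Close()
	if err = c.Handshake(); err == nil {
		peerCN = c.ConnectionState().PeerCertificates[0].Subject.CommonName
	}
	<-srvDone // let the switch side finish (or fail) before returning
	return peerCN, err
}

// runScenario issues the switch's certificate as of issueClock, the switch's clock at the moment
// it generated the certificate, and has a client whose clock reads now (the true time) verify it.
func runScenario(issueClock, now time.Time) (string, error) {
	ca, caKey := newCert("DWS-1008 Lab CA", now.AddDate(-1, 0, 0), now.AddDate(10, 0, 0), nil, nil) // name assumed
	sw, swKey := newCert("dws-1008.example.net", issueClock, issueClock.AddDate(1, 0, 0), ca, caKey) // name assumed
	return handshake(sw, swKey, ca, now)
}

func main() {
	now := time.Date(2024, 3, 1, 12, 0, 0, 0, time.UTC)
	fmt.Println(runScenario(now, now))                  // switch clock was right: accepted
	fmt.Println(runScenario(now.AddDate(1, 0, 0), now)) // switch clock a year fast at generation: rejected
}
```

Running it prints the switch's name for the first scenario and, for the second, an x509 error from the client saying the certificate is not yet valid, even though the switch itself was content with the certificate it generated. That is the failure the note above warns about, and it is invisible from the switch side until clients begin failing EAP. The optional direction, the switch verifying a client certificate, uses the same verification in reverse, configured on the server side with ClientAuth set to tls.RequireAndVerifyClientCert and a ClientCAs pool; it is not shown here.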
PEAP-MS-CHAP-V2 Security
Protected EAP (PEAP) performs a TLS exchange for server authentication and allows a secondary
authentication to be performed inside the resulting secure channel for client authentication.
For example, Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP-V2)
performs mutual MS-CHAP-V2 authentication inside an encrypted TLS channel established by
PEAP. The client's check of the switch's certificate is what protects that password-based inner
exchange, so clients should be configured to validate the certificate rather than accept any
certificate offered.
1. To form the encrypted TLS channel, the switch must have a digital certificate and must
send that certificate to the wireless client.