Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

331

332

333

334

335

336

337

338

339

340

About Keys and Certificates

RoamAbout Mobility System Software Configuration Guide 16-3

•IftheRoamAboutswitchhasaself‐signedcertificateinitscertificateandkeystore,theswitch

respondstotherequestfromMSS.Ifthecertificateisnotself‐signed,theswitchlooksfora

CA’scertificatewithwhichtovalidatetheservercertificate.

•IftheRoamAboutswitchhasnocorresponding

CAcertificate,theswitchdoesnotrespondto

therequestfromMSS.IftheswitchdoeshaveacorrespondingCAcertificate,andtheserver

certificateisvalidated(datestillvalid,signatureapproved),theswitchresponds.

IftheRoamAboutswitchdoesnotrespondtotherequestfromMSS,authenticationfailsand

access

isdenied.

ForEAP(802.1X)users,thepublic‐privatekeypairsanddigitalcertificatescanbestoredona

RADIUSserver.Inthiscase,theR oamAboutswitchoperatesasapass‐through authenticator.

Public Key Infrastructures

Apublic‐keyinfrastructure(PKI)isasystemof digitalcertificatesandcertificationauthoritiesthat

verifyandauthenticatethevalidityofeach partyinvolvedinatransactionthroughtheuseof

publickeycryptography.TohaveaPKI,theRoamAboutswitchrequiresthefollowing:

•Apublickey

•Aprivatekey

• Digitalcertificates

•A

CA

•Asecureplacetostoretheprivatekey

APKIenablesyoutosecurelyexchangeandvalidatedigitalcertificatesbetweenRoamAbout

switches,servers,anduserssothateachdevicecanauthenticateitselftotheothers.

Public and Private Keys

Enterasys Network’sidentity‐basednetworkingusespublickeycryptographytoenforcethe

privacyofdatatransmittedoverthenetwork.Usingpublic‐privatekeypairs,usersanddevices

cansendencryptedmessagesthatonlytheintendedreceivercandecrypt.

Beforeexchangingmessages,eachpartyinatransactioncreatesakeypairthatincludes

thepublic

andprivatekeys.Thepublickeyencryptsdataandverifiesdigitalsignatures,andthe

correspondingprivatekeydecryptsdataandgeneratesdigitalsignatures.Publickeysarefreely

exchangedaspartofdigitalcertificates.Privatekeysare storedsecurely.

Digital Certificates

Digitalcertificatesbindtheidentityofnetworkusersanddevicestoapublickey.Networkusers

mustauthenticatetheiridentitytothosewithwhomtheycommunicate,andmustbeabletoverify

theidentityofotherusersandnetworkdevices,suchasswitchesandRADIUSservers.

TheEnterasys NetworksMobilitySystemsupports

thefollow ingtypesofX.509digital certificates:

• Administrativecertificate—UsedbytheRoamAboutswitchtoauthenticateitselfto

RoamAboutSwitchManagerorWebView.

• RoamAboutSwitchtoRoamAboutSwitchsecuritycertificate—UsedbyRoamAbout

SwitchesinaMobilityDomaintosecurelyexchangemanagementinformation.(Formore