Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

331

332

333

334

335

336

337

338

339

340

Certificates Automatically Generated by MSS

RoamAbout Mobility System Software Configuration Guide 16-5

Certificates Automatically Generated by MSS

ThefirsttimeyoubootaswitchwithMSSVersion4.2orlater,MSSautomaticallygenerateskeys

andself‐sig nedcertificates,incaseswherecertificatesarenotalreadyconfiguredorins talled.MSS

canautomaticallygenerateallthefollowingtypesofcertificatesandtheirkeys:

•Admin(requiredforadministrativeaccesstothe

switchbyWebVieworRoamAboutSwitch

Manager)

•EAP(requiredfor802.1Xuseraccessthroughtheswitch)

•Web(requiredforWebAAAuseraccessthroughtheswitch)

Thekeysare512byteslong.

MSSautomaticallygeneratesself‐signedcertificatesonlyincaseswherenocertificateisalready

configured.MSSdoesnotreplaceself‐signed

certificatesorCA‐signedcertificatesthatarealready

configuredontheswitch.Youcanreplaceanautomaticallygeneratedcertificatebycreating

anotherself‐signedoneorbyinstallingaCA‐signedone.Tousealongerkey,configurethekey

beforecreatingthenewcertificate(orcertificaterequest,ifyou

plantoinstallaCA‐signed

certificate).

IfgeneratedbyMSSVersion4.2.3orlater,theautomaticallygeneratedcertificatesare validfor

threeyears,beginningoneweekbeforetheti me anddateontheswitchwhenthecertificateis

generated.

Creating Keys and Certificates

Public‐privatekeypairsanddigitalcertificatesarerequiredformanagementaccesswith RASMor

WebView,orfornetworkaccessby802.1XorWebAAAusers.Thedigitalcertificatescanbeself‐

signedorsignedbyacertificateauthority(CA).IfyouusecertificatessignedbyaCA,youmust

also

installacertificatefromtheCAtovalidatethedigitalsignaturesofthecertificatesinstalledon

theRoamAboutswitch.

Generally,CA‐generatedcertificatesarevalidforoneyearbeginningwiththesystemtimeand

datethatareineffectwhenyougeneratethecertificaterequest.Self‐signedcertificatesgenerated

when

runningMSSVersion4.2.3orlaterarevalidforthreeyears,beginningoneweekbeforethe

timeanddateontheswitchwhenthecertificateisgenerated.

Eachofthefollowingtypesofaccessrequiresaseparatekeypairandcertificate:

• Admin—AdministrativeaccessthroughRoamAboutSwitchManagerorWebView

• EAP—802.1Xaccess

fornetworkuserswhocanaccessSSIDsencryptedbyWEPorWPA,and

forusersconnectedtowiredauthenticationports

• WebAAA—Webaccessfornetworkuserswhocanuseawebpagetologontoanunencrypted

SSID

ManagementaccesstotheCLIthroughSecureShell(SSH)alsorequiresakeypair,but

doesnot

useacertificate.(FormoreSSHinformation,see“ManagingSSH”onpage 5‐9.)

RoamAboutSwitchtoRoamAboutSwitchsecurityalsorequiresakeypairandcertificate.

However,thecertificateisgeneratedautomaticallywhenyouenableRBT‐RBTsecurity.