HP-UX AAA Server A.07.01 Administrator's Guide
3. Load a AAA server configuration to Server Manager by selecting Load in the
navigation tree. See “Loading and Saving Your Configuration” (page 82) for more
information.
4. Identify the RADIUS clients that will send access requests to the AAA server by
selecting Access Devices in the navigation tree. See “Navigating the Access Devices
Screen” (page 84) for more information.
5. Configure realms for the encrypted tunnels if you are using TTLS, or optionally
for PEAP. See “Adding a Realm” (page 89) for more information.
6. Configure your realms to set the authentication methods the AAA server will use
to authenticate your users, and to indicate where the AAA server should look
for user information. See “Adding a Realm” (page 89) for more information.
7. Configure digital certificates if you are using TLS, TTLS, or PEAP. See “Digital
Certificate Administration” (page 147) for more information.
8. Configure user profiles to identify each user accessing services through the AAA
server.
9. Deploy the AAA configuration to secure your LAN by:
a. saving the configuration to one or more AAA servers
b. stopping and starting the AAA servers in the configuration
Digital Certificate Administration
Some security methods (like TLS, TTLS, or PEAP) use digital certificates assigned to
each user for authentication. If your organization has a Public Key Infrastructure (PKI),
you can deploy digital certificates for user authentication. The following is a list of the
certificates involved:
• Server certificate—digital certificate identifying the server.
• Server CA certificate—a copy of the certificate for the authority that issued the
server certificate.
• Client certificate—if clients will be authenticated by digital certificates (EAP-TLS),
install a certificate on each client and add the client CA to the AAA server’s CA
list.
• Client CA certificate—a copy of the certificate for the authority that issued the
client certificate.
NOTE: If you are supporting multiple realms, configure digital certificates after you
add all of your realms.
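The trust relationships in the list above, shown as an added example (not taken from this guide or from the AAA server's own tooling). It uses openssl to build a constructed server CA, client CA and one certificate from each, then shows that the client certificate verifies only after the client CA is added to the CA list. All subject names and file names are hypothetical, and the concatenated PEM file ca-list.pem is an assumed stand-in for the server's CA list.

```shell
#!/bin/sh
# Added example: every name, subject and path below is constructed.

make_ca() {      # make_ca DIR NAME SUBJECT_CN -> DIR/NAME.pem and DIR/NAME.key
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

issue() {        # issue DIR CA_NAME LEAF_NAME SUBJECT_CN -> DIR/LEAF_NAME.pem
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$4" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -set_serial 1 -days 2 -out "$1/$3.pem" 2>/dev/null
}

chains_to() {    # chains_to CA_LIST CERT: succeeds if CERT verifies against CA_LIST
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

build_demo() {   # build_demo DIR: two CAs, one certificate from each
    make_ca "$1" server-ca "Demo Server CA" &&
    make_ca "$1" client-ca "Demo Client CA" &&
    issue "$1" server-ca server "aaa.example.test" &&
    issue "$1" client-ca client "demo-user" &&
    # The CA list starts with the server CA only.
    cp "$1/server-ca.pem" "$1/ca-list.pem"
}

dir=$(mktemp -d)
build_demo "$dir"
chains_to "$dir/ca-list.pem" "$dir/server.pem" &&
    echo "server cert: verifies against CA list"
chains_to "$dir/ca-list.pem" "$dir/client.pem" ||
    echo "client cert: rejected, client CA is not in the list yet"
# Adding the client CA certificate to the list is what makes EAP-TLS
# client certificates acceptable.
cat "$dir/client-ca.pem" >> "$dir/ca-list.pem"
chains_to "$dir/ca-list.pem" "$dir/client.pem" &&
    echo "client cert: verifies after adding client CA"
rm -rf "$dir"
```

Running the same chains_to check against real certificate files before loading them catches a server or client certificate paired with the wrong CA certificate.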
Using the “Self-Signed” Digital Certificates
The HP-UX AAA Server creates a unique set of “self-signed” digital certificates during
installation that are based on its DNS name. Server Manager uses these certificates by
default. You can use the self-signed certificates in production environments for TTLS