HP-UX AAA Server A.07.01 Administrator's Guide

and PEAP, and in testing environments for TLS. The self-signed server certificates are
in /etc/opt/aaa/security/.
The following is a list of the self-signed certificates located in
/etc/opt/aaa/security/:
rsa_cert.pem — AAA server certificate
rsa_key.pem — AAA server key
ca_list.pem — list of client CA certificates
demouser.p12 — sample client certificate
root.cer — CA for AAA server certificate
For TTLS and PEAP
If you are using TTLS or PEAP, the default certificates are safe to deploy in your
production environment. The AAA server is its own Certificate Authority. If you are
managing multiple AAA servers, you must have the same set of digital certificates on
each server in your configuration. Pick one of your AAA servers and copy the set of
self-signed digital certificates to every AAA server in the configuration. You should
save each AAA server's original self-signed certificates for future use.
Copy /etc/opt/aaa/security/root.cer to the CA storage on supplicants that
enable server certificate checking.
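The following check can be run on a certificate directory before it is copied to the other AAA servers or before root.cer is handed to supplicants. It is an added example, not part of the HP-UX AAA Server documentation or software. It assumes openssl is on the PATH, that rsa_key.pem is unencrypted, and that root.cer is PEM-encoded; the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the HP guide. Assumes openssl is on PATH, the key is
# unencrypted, and root.cer is PEM (convert a DER file with
# `openssl x509 -inform DER` first).

# Print the public key held in a certificate ($2=cert) or private key ($2=key).
pubkey_of() {
    case $2 in
        cert) openssl x509 -in "$1" -noout -pubkey 2>/dev/null ;;
        key)  openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null ;;
    esac
}

# Check one certificate directory. Returns 0 if the set is usable,
# 1 = file missing, 2 = key/cert mismatch, 3 = cert not issued by root.cer.
check_cert_set() {
    dir=$1; rc=0
    for f in rsa_cert.pem rsa_key.pem ca_list.pem demouser.p12 root.cer; do
        [ -s "$dir/$f" ] || { echo "MISSING   $f"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1

    cert_pub=$(pubkey_of "$dir/rsa_cert.pem" cert)
    key_pub=$(pubkey_of "$dir/rsa_key.pem" key)
    # An empty result means openssl could not parse the file; treat as mismatch.
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "MISMATCH  rsa_key.pem is not the key for rsa_cert.pem"; rc=2
    fi

    # Supplicants that check the server certificate trust only root.cer,
    # so rsa_cert.pem must verify against it.
    if ! openssl verify -CAfile "$dir/root.cer" "$dir/rsa_cert.pem" >/dev/null 2>&1; then
        echo "UNTRUSTED rsa_cert.pem does not chain to root.cer"; rc=3
    fi
    return "$rc"
}

# SHA-256 fingerprint of the server certificate; it must be identical on
# every AAA server that shares this certificate set.
cert_fingerprint() {
    openssl x509 -in "$1/rsa_cert.pem" -noout -fingerprint -sha256 | cut -d= -f2
}

# Usage: sh check_aaa_certs.sh /etc/opt/aaa/security
if [ -n "${1:-}" ]; then
    check_cert_set "$1" && cert_fingerprint "$1"
fi
```

Run it on each AAA server after copying the set and compare the printed fingerprints; a differing value means that server is still presenting its original certificate.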
For TLS
If you are using TLS, use the default certificates to familiarize yourself with TLS
certificate administration before you deploy your own enterprise certificates.
1. Copy /etc/opt/aaa/security/root.cer to the CA storage on the supplicant.
2. Copy /etc/opt/aaa/security/demouser.p12 to the user certificate storage
on the supplicant:
   the pass phrase for demouser.p12 is: 1234
   the user name for demouser.p12 is: demouser@eap.realm
3. Configure a TLS realm for eap.realm on the AAA server.
Installing Your Own Digital Certificates and Keys
You can use your own certificates if your organization has a PKI and you don’t want
to use the self-signed certificates included with the HP-UX AAA Server. Refer to the
supplicant documentation to determine each supplicant’s specific certificate
requirements.
148 Securing LAN Access With EAP