HP-UX AAA Server A.08.02 Administrator's Guide
3. Define the locations of the certificates by entering the paths and clicking Create.
The following list explains how to enter the path names in these fields:
• Server Certificate Path: For TLS, TTLS, and PEAP. Enter the fully-qualified file name of the AAA server certificate in .pem or .cer format.
• Server Private Key Path: Enter the fully-qualified file name of a file in .pem or .cer format that contains the private key used to generate the AAA server certificate. This file cannot be encrypted.
• Client Certificate Authority Path: For TLS only. Enter the fully-qualified file name of the CA certificate for the client certificate. The AAA server uses it to authenticate client certificates. The CA certificate for the client certificate must be in .pem format.
• Random Seed Path: For TLS, TTLS, and PEAP. Enter the fully-qualified file name of a file containing any random data used to seed the random engine for TLS-based EAP mechanisms. This file can contain any random data.
• Certificate Revocation List Path: For TLS. Enter the fully-qualified file name of a list of prohibited client certificates. The file must be in .pem or .cer format.
• Client User Name Attribute: Used for EAP-TLS based authentication. Identifies the attribute in the user digital certificate from which to retrieve the user’s name. This must match the user name configured on the supplicant (client) software. The HP-UX AAA Server then checks the user name in the certificate against the user name supplied in the EAP-TLS authentication request. Select “Disable” to disable this check. You can select any one of the following attribute values:
◦ Subject:CommonName (default) - Use the CommonName (CN) in the Subject attribute
◦ Subject:EmailAddress - Use the Email Address (E) in the Subject attribute
◦ SubjectAltName:RFC822Name - Use the RFC822Name in the SubjectAltName attribute
◦ Check All Attributes - Search all of the above three fields for a matching name
◦ Disabled - Do not compare the user name with the certificate name
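Because the Server Private Key Path file cannot be encrypted, its file mode is the only protection the key has on disk. The following pre-flight check is an added example, not part of the HP-UX AAA Server or this guide. It assumes a PEM-encoded key and an owner-only permission policy, and every function name and sample file in it is hypothetical.

```python
import os
import stat
import tempfile

# Constructed sample PEM texts (placeholder bodies, not real key material).
PLAIN_KEY = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
LEGACY_ENC_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                  "DEK-Info: AES-256-CBC,00\n\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n")
CA_CERT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"

def check_private_key(path):
    """Findings for the file named in Server Private Key Path (PEM assumed)."""
    findings = []
    with open(path, "rb") as fh:
        data = fh.read()
    if b"PRIVATE KEY-----" not in data:
        findings.append("no PEM private key block found")
    # PKCS#8 encrypted header, or the legacy OpenSSL Proc-Type header.
    if b"BEGIN ENCRYPTED PRIVATE KEY" in data or b"Proc-Type: 4,ENCRYPTED" in data:
        findings.append("key is passphrase-encrypted")
    # The key is stored in the clear, so file mode is its only protection.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("key accessible to group/other (mode %04o)" % mode)
    return findings

def check_client_ca(path):
    """Findings for the file named in Client Certificate Authority Path."""
    with open(path, "rb") as fh:
        data = fh.read()
    if b"-----BEGIN CERTIFICATE-----" not in data:
        return ["CA certificate is not PEM-encoded"]
    return []

def write_sample(directory, name, text, mode):
    """Write a constructed sample file with an explicit mode; return its path."""
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        good = write_sample(d, "server.key.pem", PLAIN_KEY, 0o600)
        bad = write_sample(d, "enc.key.pem", LEGACY_ENC_KEY, 0o644)
        ca = write_sample(d, "client-ca.pem", CA_CERT, 0o644)
        for p in (good, bad):
            print(os.path.basename(p), check_private_key(p))
        print(os.path.basename(ca), check_client_ca(ca))
```

An empty list means the file passed the checks. A key stored in binary .cer form is reported as having no PEM block, because only PEM headers are inspected.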
118 Securing LAN Access With EAP