HP-UX AAA Server A.08.02.10 Administrator's Guide HP-UX 11i v3 (T1428-90093, November 2013)

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software

100

Certificate Properties

Clicking Certificate Properties takes you to the Certificate Properties screen where you can modify

the properties described in Table 24.

Table 24 Certificate Path Properties

FunctionOption

For TLS, TTLS, and PEAP. Fully-qualified file name to the AAA

server certificate in .pem or .cer format.

Server Certificate Path

Fully-qualified file name to a file in .pemor .cer format that

contains the private key used to generate the AAA server

certificate. This file cannot be encrypted.

Server Private Key Path

For TLS only. Fully-qualified file name to the Certificate Authority

(CA) certificate for the client certificate. Used by the AAA server

Client Certificate Authority Path

to authenticate client certificates. The CA certificate for the client

certificate must be in .pem format.

For TLS, TTLS, and PEAP. Fully-qualified file name to the random

seed used to generate keys.

Random Seed Path

For TLS only. Identifies the attribute in the user digital certificate

to retrieve the user's name. This attribute must match the user name

Client User Name Attribute

configured on the supplicant (client) software. The AAA server will

check the user name in the certificate against the user name

supplied in the EAP-TLS authentication request. Select one of the

options listed below:

• Subject Common name (default): Use the CommonName (CN)

in the Subject attribute.

• Subject EmailAddress: Use the Email Address(E) in the Subject

attribute.

• SubjectAltName RFC822Name: Use the RFC822Name in the

SubjectAltName attribute.

• Check all attributes: Search all of the above three fields for a

matching name.

• Disable: Ignore comparing User name with Certificate name.

For TLS. Fully-qualified file name to a list of prohibited client

certificates. File must be in .pem or .cer format.

Certificate Revocation List Path

File Size Properties

Clicking File Size Properties takes you to the File Size Properties screen where you can modify the

Maximum Logfile Size property.

Maximum Logfile Size

This property refers to the maximum size (in bytes) of the server’s logfiles and accounting logfiles.

The minimum value for this parameter is 65,536 and the maximum is 2,147,483,647. Once the

configured size is reached, the file is closed and a new log file is created. If no value is specified,

2,147,483,647 is used.

Miscellaneous Properties

Clicking Miscellaneous Properties takes you to the Miscellaneous Properties screen where you can

modify the Permit Microsoft Client Authenticate As Computer property.

Permit Microsoft Client Authenticate As Computer

Enable (Yes) to support the Microsoft client authenticate as computer feature. The Microsoft

supplicants must also be configured to authenticate as computers. If this parameter is enabled

Certificate Properties 97