Manualshelf

Manual Part 2

ManualsBrandsRiverbed Technology ManualsComputers & AccessoriesWireless Access Point
61626364656667686970
Wireless Array
218 Configuring the Wireless Array
The Array’s certificate is signed by a Xirrus CA that is customized for your Array
and its current host name. By default, browsers will not trust the Array’s
certificate. You may import the Xirrus certificate to instruct the browser to trust
the Xirrus CA on all future connections to Arrays. The certificate for the Xirrus
CA is available on the Array, so that you can import it into your browser’s cache
of trusted CAs (right alongside VeriSign, for example). On the Management
Control window of the WMI you will see the xirrus-ca.crt file. (Figure 127)
By clicking and opening this file, you can follow your browser’s instructions and
import the Xirrus CA into your CA cache (see “Spanning Tree Protocol: this
protocol is used in Layer 2 networks to turn off ports when necessary to prevent
network loops. It is Off by default, and is turned on automatically if you are using
WDS to interconnect Arrays using wireless links. Use the On button to enable
spanning tree if your network topology requires it. See “Spanning Tree Status” on
page 105.” on page 231 for more information). This instructs your browser to trust
any of the certificates signed by the Xirrus CA, so that when you connect to any of
our Arrays you should no longer see the warning about an untrusted site. Note
however, that this only works if you use the host name when connecting to the
Array. If you use the IP address to connect, you get a lesser warning saying that
the certificate was only meant for ‘hostname’.
Since an Array’s certificate is based on the Array’s host name, any time you
change the host name the Array’s CA will regenerate and sign a new certificate.
This happens automatically the next time you reboot after changing the host
name. If you have already installed the Xirrus CA on a browser, this new Array
certificate should automatically be trusted.
When you install the Xirrus CA in your browser, it will trust a certificate signed
by any Xirrus Array, as long as you connect using the Array’s host name.
Using an External Certificate Authority
If you prefer, you may install a certificate on your Array signed by an outside CA.
Why use a certificate from an external CA? The Array’s certificate is used for
security when stations attempt to associate to an SSID that has Web Page Redirect
(captive portal) enabled. In this case, it is preferable for the Array to present a
certificate from an external CA that is likely to be trusted by most browsers. When