User's Manual
Table Of Contents
- Table of Contents
- List of Figures
- Introduction
- Installing the Wireless Array
- Installation Prerequisites
- Planning Your Installation
- Installation Workflow
- Installing Your Wireless Array
- Powering Up the Wireless Array
- Establishing Communication with the Array
- Entering the License
- Performing the Express Setup Procedure
- The Web Management Interface
- Viewing Status on the Wireless Array
- Configuring the Wireless Array
- Express Setup
- Network
- Services
- VLANs
- Tunnels
- Security
- SSIDs
- Groups
- IAPs
- WDS
- Filters
- Clusters
- Using Tools on the Wireless Array
Wireless Array
Configuring the Wireless Array 213
The Array’s certificate is signed by a Xirrus CA that is customized for your Array
and its current host name. By default, browsers will not trust the Array’s
certificate. You may import the Xirrus certificate to instruct the browser to trust
the Xirrus CA on all future connections to Arrays. The certificate for the Xirrus
CA is available on the Array, so that you can import it into your browser’s cache
of trusted CAs (right alongside VeriSign, for example). On the Management
Control window of the WMI you will see the xirrus-ca.crt file. (Figure 122)
By clicking and opening this file, you can follow your browser’s instructions and
import the Xirrus CA into your CA cache (see page 225 for more information).
This instructs your browser to trust any of the certificates signed by the Xirrus
CA, so that when you connect to any of our Arrays you should no longer see the
warning about an untrusted site. Note however, that this only works if you use
the host name when connecting to the Array. If you use the IP address to connect,
you get a lesser warning saying that the certificate was only meant for ‘hostname’.
Since an Array’s certificate is based on the Array’s host name, any time you
change the host name the Array’s CA will regenerate and sign a new certificate.
This happens automatically the next time you reboot after changing the host
name. If you have already installed the Xirrus CA on a browser, this new Array
certificate should automatically be trusted.
When you install the Xirrus CA in your browser, it will trust a certificate signed
by any Xirrus Array, as long as you connect using the Array’s host name.
Using an External Certificate Authority
If you prefer, you may install a certificate on your Array signed by an outside CA.
Why use a certificat
e from an external CA? The Array’s certificate is used for
security when stations attempt to associate to an SSID that has Web Page Redirect
enabled. In this case, it is preferable for the Array to present a certificate from an
external CA that is likely to be trusted by most browsers. When a WPR login page
is presented, the user will not see a security error if the Array’s certificate was
obtained from an external CA that is already trusted by the user’s browser.
WMI provides options for creating a Certificate Signing Request that you can
send to an external CA, and for uploading the signed certificate to the Array after