User's Manual
Setting up Profile Security
Certificate Issuer
Certificate Issuer: The server certificate received during TLS message exchange must have been
issued by this certificate authority. Trusted intermediate certificate authorities and root authorities whose
certificates exist in the system store are available for selection in the drop-down list box. If Any Trusted
CA is selected, any CA in the list is acceptable.
● Allow intermediate certificates: The server certificate received during negotiation may have been
issued directly by the certificate authority indicated in the “Certificate issuer” field, or additionally by
one of its intermediate certificate authorities. Check this box to allow a number of unspecified
certificates to be in the server certificate chain between the server certificate and the specified CA.
If unchecked, then the specified CA must have directly issued the server certificate.
Specify Server/Certificate Name
Check this option if you want to specify your server/certificate name.
The server name, or a domain to which the server belongs, based on which of the two options below has
been selected.
● Server name must match exactly: When selected, the server name entered must match exactly
the server name found on the certificate. The server name should include the fully qualified domain
name (e.g., Servername.Domain name) in this field.
● Domain name must end in specified name: When selected, the server name field identifies a
domain and the certificate must have a server name belonging to this domain or to one of its sub-
domains (e.g., zeelans.com, where the server is blueberry.zeelans.com).
Note: These parameters should be obtained from the system administrator.
Server Name
The server name, or a domain to which the server belongs, depending on which of the two options below
has been selected.
● Server name must match exactly: When selected, the server name entered must match exactly
the server name found on the certificate. The server name should include the complete domain
name (e.g., Servername.Domain name) in this field.
● Domain name must end in specified name: When selected, the server name field identifies a
domain and the certificate must have a server name belonging to this domain or to one of its sub-
domains (e.g., zeelans.com, where the server is blueberry.zeelans.com).
Note: These parameters should be obtained from the system administrator.
TTLS Authentication
These settings define the protocol and the credentials used to authenticate a user. In TTLS, the client uses EAP-TLS to validate the server and
create a TLS-encrypted channel between the client and server. The client can use another authentication protocol, typically password-based
file:///C|/CX2%20Muroc%20UG/6-15-04/wepsetup.htm (12 of 19) [6/15/2004 3:40:10 PM]