Dell 6.2 Server User Manual


 
Parameter Description
no-access No commands are accessible for this role
read-only Read-only role
no access Negates any configured parameter.
Server Group Name of the group of servers used to authenticate administrative users. See the CLI command
aaa-server-group, in the CLI Command Reference Guide for more information.
Managing Certificates
The controller is designed to provide secure services through the use of digital certificates. Certificates provide
security when authenticating users and computers and eliminate the need for less secure password-based
authentication.
There is a default server certificate installed in the controller to demonstrate the authentication of the controller
for captive portal and WebUI management access. However, this certificate does not guarantee security in production
networks. Dell strongly recommends that you replace the default certificate with a custom certificate issued for your
site or domain by a trusted Certificate Authority (CA). This section describes how to generate a Certificate Signing
Request (CSR) to submit to a CA and how to import the signed certificate received from the CA into the
controller.
The controller supports client authentication using digital certificates for specific user-centric network services, such
as AAA FastConnect, VPN (see Virtual Private Networks on page 271), and WebUI and SSH management access.
Each service can employ different sets of client and server certificates.
During certificate-based authentication, the controller provides its server certificate to the client for authentication.
After validating the controller’s server certificate, the client presents its own certificate to the controller for
authentication. To validate the client certificate, the controller checks the certificate revocation list (CRL)
maintained by the CA that issued the client certificate. After validating the client’s certificate, the controller can
check the user name in the certificate with the configured authentication server (this action is optional and
configurable).
About Digital Certificates
Clients and the servers to which they connect may hold authentication certificates that validate their identities.
When a client connects to a server for the first time, or the first time since its previous certificate has expired or
been revoked, the server requests that the client transmit its authentication certificate. The client’s certificate is
then verified against the CA which issued it. Clients can also request and verify the server’s authentication
certificate. For some applications, such as 802.1x authentication, clients do not need to validate the server
certificate for the authentication to function.
Digital certificates are issued by a CA which can be either a commercial, third-party company or a private CA
controlled by your organization. The CA is trusted to authenticate the owner of the certificate before issuing a
certificate. A CA-signed certificate guarantees the identity of the certificate holder. This is done by comparing the
digital signature on a client or server certificate to the signature on the certificate for the CA. When CA-signed
certificates are used to authenticate clients, the controller checks the validity of client certificates using certificate
revocation lists (CRLs) maintained by the CA that issued the certificate.
Digital certificates employ public key infrastructure (PKI), which requires a private-public key pair. A digital
certificate is associated with a private key, known only to the certificate owner, and a public key. A certificate
Dell PowerConnect W-Series ArubaOS 6.2 | User Guide Management Access | 635