HP (Hewlett-Packard) MSM7XX Switch User Manual

NOC authentication
Setting up the certificates
Authenticating with the login application
The connection between the login application and the service controller is secured using SSL.
When establishing the SSL connection with the service controller, the login application must
supply its SSL certificate. In a standard SSL setup, the service controller uses the CA for this
certificate to validate the certificate’s identity and authenticate the login application.
However, the service controller does not want to accept SSL connections from just any
remote entity with a valid certificate. Rather, it only wants to accept connections from a
specific entity: the login application.
To uniquely identify the login application, the ssl-noc-certificate attribute is defined in the
RADIUS profile for the service controller. This attribute contains the URL of the login
application’s SSL certificate. When the login application presents its SSL certificate, the
service controller retrieves the certificate at the ssl-noc-certificate URL and checks that the
two certificates match.
For further authentication, a second attribute, ssl-noc-ca-certificate, is defined in the
RADIUS profile for the service controller. This attribute contains the URL of the public key of
the certificate authority (CA) that signed the login application’s SSL certificate. The service
controller uses the public key to determine if the login application’s SSL certificate can be
trusted.
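The two checks described above, reproduced with openssl as an added example that is not part of the HP manual: a private CA and a CA-signed login application certificate are generated (file names and subjects are hypothetical), then a presented certificate is accepted only if it is identical to the pinned certificate (the role of ssl-noc-certificate) and chains to the configured CA (the role of ssl-noc-ca-certificate). A second certificate from the same CA shows why the CA check alone is not enough.

```shell
#!/bin/sh
# Added example (not from the HP manual). Builds a private CA plus a login-application
# certificate, then applies the service controller's two checks. Names are hypothetical.
set -eu
WORK=$(mktemp -d)
cd "$WORK"

# Private CA: its certificate is what ssl-noc-ca-certificate would point to.
openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=Example NOC CA" \
    -keyout ca.key -out ca.pem 2>/dev/null
# Login application certificate, signed by that CA: what ssl-noc-certificate would point to.
openssl req -newkey rsa:2048 -nodes -subj "/CN=login.noc.example" \
    -keyout login.key -out login.csr 2>/dev/null
openssl x509 -req -in login.csr -CA ca.pem -CAkey ca.key -CAcreateserial -days 825 \
    -out login.pem 2>/dev/null
# A second certificate from the same CA: valid, but not the pinned login application.
openssl req -newkey rsa:2048 -nodes -subj "/CN=other.noc.example" \
    -keyout other.key -out other.csr 2>/dev/null
openssl x509 -req -in other.csr -CA ca.pem -CAkey ca.key -CAcreateserial -days 825 \
    -out other.pem 2>/dev/null

# Check 1 (ssl-noc-certificate): the presented certificate must be identical to the pinned
# one. Comparing SHA-256 digests of the DER encoding equals a byte-for-byte comparison.
pin_matches() {  # $1 presented cert, $2 pinned cert
    [ "$(openssl x509 -in "$1" -outform DER | openssl dgst -sha256)" = \
      "$(openssl x509 -in "$2" -outform DER | openssl dgst -sha256)" ]
}
# Check 2 (ssl-noc-ca-certificate): the presented certificate must chain to the CA.
ca_trusts() {  # $1 presented cert, $2 CA cert
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}
# The controller's decision: both checks must pass.
noc_accept() {  # $1 presented cert, $2 pinned cert, $3 CA cert
    pin_matches "$1" "$2" && ca_trusts "$1" "$3"
}

for cert in login.pem other.pem; do
    if noc_accept "$cert" login.pem ca.pem; then
        echo "$cert: accepted"
    else
        echo "$cert: rejected (pin match: $(pin_matches "$cert" login.pem && echo yes || echo no)," \
             "CA trust: $(ca_trusts "$cert" ca.pem && echo yes || echo no))"
    fi
done
```

Running it prints that login.pem is accepted while other.pem is rejected with "pin match: no, CA trust: yes", which is the case the pinned-certificate check exists to cover.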
Authenticating the service controller
To identify itself, the service controller uses the SSL certificate configured on the Security >
Certificate Stores page or via the ssl-certificate attribute.
For added security, the login application could also check that this SSL certificate has been
signed by the certificate authority for which the login application has the public key
certificate. The default certificate installed on the service controller is not signed by a
well-known CA and cannot be used for this purpose. Instead, a new certificate must be installed
on the service controller. This certificate can be signed by a well-known certificate
authority or by your own CA.
NOC authentication list
Additional security is provided via the Security list on the Public access > Web server page.
You use this list to define the set of remote IP addresses that the service controller accepts
authentication requests from. If a request is received from an address not in this list, it is
discarded.
Setting up the certificates
This section presents an overview of the certificates you need to install to secure
communication between the remote login page and the service controller. For detailed
discussion of the issues, see Addressing security concerns on page D-5.
D-6