Nortel Networks 2300 Switch User Manual


 
Nortel WLAN—Security Switch 2300 Series Configuration Guide
Managing keys and certificates
A digital certificate is a form of electronic identification for computers. The WSS requires digital certificates to
authenticate its communications to WLAN Management Software and Web View, to Web-based AAA clients, and to
Extensible Authentication Protocol (EAP) clients for which the WSS performs all EAP processing. Certificates can be
generated on the WSS or obtained from a certificate authority (CA). Keys contained within the certificates allow the
WSS, its servers, and its wireless clients to exchange information secured by encryption.
Why use keys and certificates?
Certain WSS operations require the use of public-private key pairs and digital certificates. All WLAN Management
Software and Web View users, and users for which the WSS performs IEEE 802.1X EAP authentication or Web-based
AAA, require public-private key pairs and digital certificates to be installed on the WSS.
These keys and certificates are fundamental to securing wireless, wired-authentication, and administrative connections
because they support Wi-Fi Protected Access (WPA) encryption and dynamic Wired Equivalent Privacy (WEP)
encryption.
Why use keys and certificates?
About keys and certificates
Creating keys and certificates
Displaying certificate and key information
Key and certificate configuration scenarios
Note. If the switch does not already have certificates, WSS Software automatically
generates the missing ones the first time you boot using WSS Software Version 4.2 or later.
You do not need to install certificates unless you want to replace the ones automatically
generated by WSS Software. (For more information, see “Certificates automatically
generated by WSS software” (page 450).)
Note. Before installing a new certificate, verify with the show timedate and show
timezone commands that the WSS is set to the correct date, time, and time zone.
Otherwise, certificates might not be installed correctly.
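The following Python sketch is an added example, not part of the Nortel guide or WSS Software. It shows one common reason a wrong clock or time zone interferes with certificate installation: the device's idea of UTC falls outside the certificate's validity window. It assumes the certificate's notBefore and notAfter fields are available in OpenSSL text form and that the wall-clock time and UTC offset have been read from the switch by hand; the function names, input formats, and sample values are constructed for illustration.

```python
import ssl
from datetime import datetime, timedelta, timezone


def device_utc(local_clock: str, utc_offset_hours: float) -> datetime:
    """Return the UTC instant the device believes it is.

    local_clock is the wall-clock time shown by the device, written here as
    'YYYY-MM-DD HH:MM:SS' (assumed format); utc_offset_hours is the offset
    of the configured time zone.
    """
    naive = datetime.strptime(local_clock, "%Y-%m-%d %H:%M:%S")
    tz = timezone(timedelta(hours=utc_offset_hours))
    return naive.replace(tzinfo=tz).astimezone(timezone.utc)


def validity_at(not_before: str, not_after: str, now_utc: datetime) -> str:
    """Classify a certificate's validity window against a given UTC instant.

    not_before / not_after use the OpenSSL text form,
    for example 'Mar 10 12:00:00 2025 GMT'.
    """
    start = ssl.cert_time_to_seconds(not_before)
    end = ssl.cert_time_to_seconds(not_after)
    now = now_utc.timestamp()
    if now < start:
        return "not_yet_valid"
    if now > end:
        return "expired"
    return "valid"


# Constructed sample: a certificate issued by a CA at 12:00 UTC, valid one year.
NOT_BEFORE = "Mar 10 12:00:00 2025 GMT"
NOT_AFTER = "Mar 10 12:00:00 2026 GMT"

if __name__ == "__main__":
    # Site is at UTC-5; true time is 12:30 UTC, so the wall clock reads 07:30.
    for label, offset in (("zone set to UTC-5", -5), ("zone left at UTC", 0)):
        seen = device_utc("2025-03-10 07:30:00", offset)
        status = validity_at(NOT_BEFORE, NOT_AFTER, seen)
        print(f"{label}: device UTC {seen:%H:%M} -> {status}")
```

With the same wall-clock reading, the switch whose time zone was left at UTC places itself five hours before the certificate's start time, which is why both the time and the time zone need to be confirmed before a freshly issued certificate is installed.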