107
Public Space Parameters
8. When prompted, follow the on-screen instructions and enter the information requested (such as your company’s
name and address).
• You will be prompted to enter a Common Name. The Common Name is typically composed of the Host name
and Domain Name (taking the form of “www.company.com” or “ssl.company.com”). SSL certificates from a CA
are specific to the Common Name to which they have been issued at the Host level. You will configure the AP
to use this same Common Name.
9. Provide the Certificate Signing Request (CSR) to your CA to obtain an SSL certificate.
• Refer to your CA’s Web site for details. If you are using Verisign, you can submit the CSR on-line, as outlined
in the steps below.
1. Go to http://www.verisign.com/.
2. Select the SSL Site Security or SSL Certificate option.
3. Select the option to Secure your Web site with Secure Site Services.
4. Review the documentation provided by Verisign. Verisign provides information on SSL certificate and
step-by-step instructions.
5. You can skip the step which describes how to create a CSR since you have already created the file.
6. Open the server.csr file you generated with a text editor (such as Notepad) and copy and paste the text
to Verisign’s on-line form.
— Begin copying at the “—-BEGIN NEW CERTIFICATE REQUEST—-” line.
— Copy through and including the “—-END NEW CERTIFICATE REQUEST—-” line.
7. Follow the remaining instructions to complete the enrollment process.
• If the CA asks you to select your server software vendor when uploading the CSR file, select Apache
Freeware or Apache SSL.
• You can purchase either a 40-bit or 128-bit key. 128-bit is more secure than 40-bit but many older browsers
only support 40-bit.
• It can take up to a week for the CA to send you the SSL certificate.
10. After you have received the SSL certificate from the CA, use a text editor (such as Notepad) to open the file.
11. Copy and paste the Public Key information into a new file.
• Begin copying at the “—-BEGIN CERTIFICATE —-” line.
• Copy through and including the “—-END CERTIFICATE —-” line.
12. Save this new file with the filename server.pem.
You have now created two of the three key files required to enable SSL on the AP-2500. The third key file
(cacert.pem) is included on the AP’s CD and with software updates posted on Proxim’s Web site.
Enabling SSL on the AP-2500
1. Login to the AP’s Web browser.
2. Launch your TFTP server application (if not already running).
3. Copy cacert.pem, cakey.pem, and server.pem to the TFTP server’s root directory.
• If you are using the SolarWinds TFTP program, the root directory is mostly likely C:\TFTP-Root\.
• Proxim provides cacert.pem on the AP’s CD and with software updates posted on Proxim’s Web site.
• You must create your own cakey.pem and server.pem files. See Creating SSL Keys for details.
4. Click Commands > Download.
5. Enter the IP address of the computer running the TFTP server application in the Server IP Address field.
6. Enter cacert.pem in the File Name field.
7. Set File Type to Generic.
8. Set File Operation to Download.
9. Click OK.
• Result: The TFTP operation begins. A new TFTP Operation Status window opens.
10. Click Close after the TFTP operation is complete.
11. Enter cakey.pem in the File Name field.
12. Set File Type to Generic.
13. Set File Operation to Download.