Redline Communications Inc. AN100UXA 用户手册
User
AN-100U/UX Base Station
Manual
70-00058-01-04
Proprietary Redline Communications © 2010
Page 114 of 136
April 19, 2010
7.3.2 Configuring the Base Station
Obtaining Base Station X.509 Certificates
When using privacy, you must obtain and load the following two X.509 certificates:
Redline_Communications_Root_CA.509
Redline_Communications_Root_CA_R.509
These certificates are available from your Redline Certified Partner.
Important: It is recommended to ensure that both certificates are pre-loaded on all
sectors using privacy. This will ensure privacy support is available when new or
replacement subscribers (running v2.2 or higher) are installed in a sector.
sectors using privacy. This will ensure privacy support is available when new or
replacement subscribers (running v2.2 or higher) are installed in a sector.
Privacy Settings (TrustAll)
The privacy feature is always enabled on the base station, but is individually enabled or
disabled on each subscriber. When a subscriber has privacy enabled, the TrustAll
parameter setting determines the mode of authentication. Refer to the following table for
details. Changes to the TrustAll setting are effective only after rebooting the base
station.
disabled on each subscriber. When a subscriber has privacy enabled, the TrustAll
parameter setting determines the mode of authentication. Refer to the following table for
details. Changes to the TrustAll setting are effective only after rebooting the base
station.
Table 56: Op. Notes - Base Station TrustAll Setting
TrustAll
Base Station
No (0)
A Root CA must be loaded on the base station.
The base station enforces the full validation process.
Important: When the base station TrustAll setting is 0 (no), subscribers with
The base station enforces the full validation process.
Important: When the base station TrustAll setting is 0 (no), subscribers with
privacy enabled can not be authenticated unless the operator has loaded a Root
CA on the base station.
CA on the base station.
Yes (1)
Requires a Root CA file to be loaded on the base station.
Authentication is successful if the subscriber presents a correctly formatted
Authentication is successful if the subscriber presents a correctly formatted
certificate (base station does not enforce the entire validation process).
Important: The privacy command UseTestTimes is for factory testing only. Do not
change the default setting (0) for this parameter.
change the default setting (0) for this parameter.
Base Station Certificates
The base station can be configured to require a Root certificate for authentication, or to
authenticate any subscriber presenting a correctly formed certificate (see base station
TrustAll parameter). The Redline Root CA (issued by Verisign) can be loaded on the
base station and used to authenticate Redline subscriber modems (but not modems with
certificates by third-party vendors).
authenticate any subscriber presenting a correctly formed certificate (see base station
TrustAll parameter). The Redline Root CA (issued by Verisign) can be loaded on the
base station and used to authenticate Redline subscriber modems (but not modems with
certificates by third-party vendors).
Examining Base Station x509 Certificates
Certificate commands are located in the 'x509' group of CLI commands. Use the show
command to display the X.509 certificates (if available).
command to display the X.509 certificates (if available).
Example #1: No Root CA has been loaded (default).
AN100U#> x509
AN100U(x509 ->)#> show
(Empty)
AN100U(x509 ->)#>