3com WX1200 3CRWX120695A Manuel D’Utilisation
Creating Keys and Certificates
419
Creating Keys and
Certificates
Certificates
Public-private key pairs and digital certificates are required for
management access with 3Com Wireless Switch Manager or Web
Manager, or for network access by 802.1X or WebAAA users. The digital
certificates can be self-signed or signed by a certificate authority (CA). If
you use certificates signed by a CA, you must also install a certificate from
the CA to validate the digital signatures of the certificates installed on the
WX switch.
management access with 3Com Wireless Switch Manager or Web
Manager, or for network access by 802.1X or WebAAA users. The digital
certificates can be self-signed or signed by a certificate authority (CA). If
you use certificates signed by a CA, you must also install a certificate from
the CA to validate the digital signatures of the certificates installed on the
WX switch.
Generally, CA-generated certificates are valid for one year beginning with
the system time and date that are in effect when you generate the
certificate request. Self-signed certificates generated when running MSS
Version 4.2.3 or later are valid for three years, beginning one week
before the time and date on the switch when the certificate is generated.
the system time and date that are in effect when you generate the
certificate request. Self-signed certificates generated when running MSS
Version 4.2.3 or later are valid for three years, beginning one week
before the time and date on the switch when the certificate is generated.
Each of the following types of access requires a separate key pair and
certificate:
certificate:
Admin—Administrative access through 3Com Wireless Switch
Manager or Web Manager
Manager or Web Manager
EAP—802.1X access for network users who can access SSIDs
encrypted by WEP or WPA, and for users connected to wired
authentication ports
encrypted by WEP or WPA, and for users connected to wired
authentication ports
WebAAA—Web access for network users who can use a web page to
log onto an unencrypted SSID
log onto an unencrypted SSID
Management access to the CLI through Secure Shell (SSH) also requires a
key pair, but does not use a certificate. (For more SSH information, see
“Managing SSH” on page 113.)
key pair, but does not use a certificate. (For more SSH information, see
“Managing SSH” on page 113.)
WX-WX security also requires a key pair and certificate. However, the
certificate is generated automatically when you enable WX-WX security.
certificate is generated automatically when you enable WX-WX security.