Cisco Cisco Cius 4G 디자인 가이드
Cisco Cius Wireless Deployment Guide
94
For more information, refer to the Configuring Settings on Cisco Cius in the Cisco Cius Administration Guide at this URL:
http://www.cisco.com/en/US/products/ps11156/prod_maintenance_guides_list.html
Installing Certificates
Cisco Cius supports DER encoded binary X.509 certificates, which can be utilized with EAP-TLS or for authentication server
validation when using PEAP.
Extensible Authentication Protocol Transport Layer Security (EAP-TLS) is using the TLS protocol with PKI to secure
communications to the authentication server.
validation when using PEAP.
Extensible Authentication Protocol Transport Layer Security (EAP-TLS) is using the TLS protocol with PKI to secure
communications to the authentication server.
TLS provides a way to use certificates for both user and server authentication and for dynamic session key generation.
EAP-TLS provides excellent security, but requires client certificate management.
Microsoft® Certificate Authority (CA) servers are recommended as we have certified interoperability only with those CA types.
Other CA server types may not be completely interoperable with Cisco Cius.
Both DER and Base-64 formats are acceptable for the client and server certificates.
Certificates with a key size of 1024, 2048, and 4096 are supported.
EAP-TLS provides excellent security, but requires client certificate management.
Microsoft® Certificate Authority (CA) servers are recommended as we have certified interoperability only with those CA types.
Other CA server types may not be completely interoperable with Cisco Cius.
Both DER and Base-64 formats are acceptable for the client and server certificates.
Certificates with a key size of 1024, 2048, and 4096 are supported.
Ensure the client and server certificates are signed using either the SHA-1 or SHA-2 algorithm, as the SHA-3 signature
algorithms are not supported.
Ensure Client Authentication is listed in the Enhanced Key Usage section of the user certificate details.
algorithms are not supported.
Ensure Client Authentication is listed in the Enhanced Key Usage section of the user certificate details.
X.509 digital certificates are required to be installed if utilizing EAP-TLS or PEAP with server validation for WLAN
authentication.
The user certificate must be in PKCS #12 format (.p12 extension), which contains the certificate and private key.
The CA certificate must be in DER or Base-64 (.crt extension as the .cer format is not supported).
authentication.
The user certificate must be in PKCS #12 format (.p12 extension), which contains the certificate and private key.
The CA certificate must be in DER or Base-64 (.crt extension as the .cer format is not supported).