CLIENT CERTIFICATE (EAP-TLS USE)


PRIMEXIAQ & TEMP SERIES SENSORS
CLIENT CERTIFICATE (EAP-TLS USE) SETUP GUIDE
Doc Part No.: SNSDOC-055 01.26.15

LEGAL NOTICE

Copyright 2015 Primex Wireless, Inc. All rights reserved. SNS is a trademark of Primex Wireless, Inc. U.S. Patents 6,873,573; 7,352,657. Other Patents Pending. Printed in the USA.

Information in this document is subject to change without notice. The software described in this document is furnished under a license agreement or nondisclosure agreement. The software may be used or copied only in accordance with the terms of those agreements. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical or otherwise, for any purpose, without the prior written permission of Primex Wireless.

Contact Primex Wireless

United States
  Address: 965 Wells Street, Lake Geneva WI 53147
  Email: info@primexinc.com
  Web: www.primexwireless.com
  Telephone: (800) 537-0464
  Fax: (262) 248-0061

Canada
  Address: 1310 Kerrisdale Blvd., Unit #4, Newmarket, ON L3Y 8V6
  Email: info@primexwireless.ca
  Web: www.primexwireless.ca
  Telephone: (800) 330-1459
  Fax: (905) 952-0134

United Kingdom
  Address: Unit G420 Dean Clough, Halifax, West Yorkshire HX3 5AX
  Email: info@primexwireless.co.uk
  Web: primexwireless.co.uk
  Telephone: 0800-3896996
  Fax: 01422-349462

CONTENTS

About this Guide
Overview
  Requirements
Create Active Directory User
Request Certificate
Export Certificate as .pfx File
Convert Certificate to .pem File Format
Convert the .pem File to DER Key and DER Certificate
Support

ABOUT THIS GUIDE

Purpose

This guide provides the procedures required to create a certificate for use of EAP-TLS authentication with Primex Wireless devices. The file(s) created during these procedures will be uploaded to the devices during their configuration for the network.

Models

These procedures are to be completed for use with the Primex devices listed below.

  PrimexTEMP Series Sensors
  PrimexIAQ Series Sensors

Typographical Conventions

This guide uses typographical conventions to highlight specific types of information.

  Bold: menu sequence or command. Example: Click Support
  Command line input. Example: > cd /var/sns/sns-install

This guide includes notes, cautions, and warnings content that highlights important messages.

  Note: Indicates something important or useful.
  Caution: Indicates a command or procedure may have an unwanted or undesirable result.
  Warning: Indicates a command or procedure that could be dangerous to system or device.
  Example: Provides an example of how the topic can be configured or used.

OVERVIEW

For secure EAP-TLS certificate-based authentication, you must create a certificate and then install the certificate file(s) onto the Primex Wireless devices. The certificate is installed while configuring the device for the network. Once a device is configured for the network and operational on your facility's network, it can be managed and monitored from your organization's Application Management Platform (AMP).

NOTE: These procedures assume that one multi-use certificate will be deployed for all Primex devices. If your organization requires a unique certificate for each device, this procedure is required to be completed for each single certificate.

Requirements

Before you begin this procedure, verify that the requirements below are met.

  Your facility's IT infrastructure consists of Microsoft Active Directory integrated with a Cisco ACS and the WLAN.
  You have Active Directory administrative permission or have been delegated the appropriate authority to add user accounts.
  You have Administrator privileges on a local domain computer; a Windows operating system is required.
  You have administrative access to the AMP appliance or another Linux server. General knowledge of Linux is recommended, but is not required.
  Your organization's AMP is configured and operational on your network.

CREATE ACTIVE DIRECTORY USER

During this procedure you will create a new unique Active Directory (AD) user account for use with the Primex Wireless devices.

1. Create an AD user that is specific for Primex Wireless devices.
   The user account is to be a normal account.
   Do not enable password change on next logon.
   To uniquely identify Primex Wireless devices, it is recommended the user name is set to PrimexWireless, which will be used as an example throughout these procedures.
   You will be required to enter the AD user account password during the export certificate procedure.

REQUEST CERTIFICATE

During this procedure you will request a certificate from your organization's Certificate Authority Server, by use of Microsoft CA. Upon completion of the request, the certificate will be installed on your local computer.

NOTE: For Internet Explorer 11, Trusted Sites and Compatibility Viewer are required to be enabled.

1. Open Internet Explorer and log in to your organization's Certificate Authority Server as the new Active Directory user account. For example: http://dc1.mysite.com/certsrv/
2. Select Download CA Certificate.
3. Name the file CA.der.
4. Save it to a location on your local computer. This file is required when configuring a sensor for the network.
5. From the browser, select Home from the upper right portion of the window.
6. Select Request a certificate.
7. Select Advanced Certificate Request.
8. Select Create and submit a request to this CA.
9. From the Certificate Template drop-down, select User.
10. From the Key Size field, enter a value; minimum of 2048 required.
11. Select Mark Keys as exportable.
12. From Request Format, select CMC.
13. From the Hash Algorithm drop-down, select SHA-1.
14. Choose Submit.
15. A new window appears; select Open this Certificate.

EXPORT CERTIFICATE AS .PFX FILE

During this procedure, you will export the installed certificate as a .pfx file and save it to your computer by use of Microsoft Management Console (MMC).

NOTE: Administrator access on the local computer is required to complete this procedure.

1. From your computer's Start menu, select Run or type Run into the search for programs and files field.
2. From the Open command line, enter mmc (Microsoft Management Console) and choose OK.
3. From the File menu, select Add/Remove Snap-in.
4. Select Certificates.
5. From the left menu, select from My User Account > Certificates - Current User; My User Account
6. From the Personal > Certificates folder, select the certificate to export.
7. Right-click on the certificate, select All Tasks and select Export. The Certificate Export Wizard will begin.
8. Select Yes, export the private key and choose Next.
9. Select Personal Information Exchange - PKCS #12 (.PFX)
   Select Include all certificates in the certification path if possible.
   Deselect Enable strong protection (requires IE 5.0, NT SP4 or above)
   Deselect Delete the private key if the export is successful
10. Select Next.
11. Enter the password for the AD user account created for the Primex devices.
12. Specify the file name and save the certificate file (.pfx) to your computer desktop.
13. From the Export was successful notification, choose OK.

CONVERT CERTIFICATE TO .PEM FILE FORMAT

During this procedure, you will copy the exported certificate file to the AMP appliance or another supported Linux server to convert the file to a .pem file format. The .PEM file format is required for Primex Wireless devices' use of EAP-TLS authentication.

1. Copy the .pfx file to the Primex Wireless AMP appliance or another Linux server that supports openssl commands.
2. Log in to the server appliance.
3. Change to the directory that has the file and issue the command:
   openssl pkcs12 -in PrimexWirelessCert.pfx -out PrimexWirelessCert.pem -clcerts -nodes
4. Enter your local domain user account password and press enter.
5. Copy the .pem file to a local computer that will be used to configure the devices for the network.
6. The next step is dependent upon the device model as described below.

The .PEM file is required to be uploaded to each device when configuring devices for the network. These procedures are located in the device model Installation Guide.

CONVERT THE .PEM FILE TO DER KEY AND DER CERTIFICATE

NOTE: This procedure is only required to be completed for use with PrimexIAQ and PrimexTEMP Series Sensors.

During this procedure, you will create the .der key and certificate files.

1. While still logged into the AMP appliance or another Linux server, issue the command:
   openssl rsa -in PrimexWirelessCert.pem -outform der -out PrimexWirelessKey.der
2. Issue the command:
   openssl x509 -in PrimexWirelessCert.pem -outform der -out PrimexWirelessCert.der
3. Copy the two DER files to your local machine to the folder where you had previously saved the CA certificate file (CA.der).

The two DER files are required to be uploaded to each sensor when configuring the sensors for the network. These procedures are located in the sensor model Installation Guide.
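The two conversion procedures above can be scripted and checked before the files are uploaded to a sensor. The following is an added example, not part of the Primex guide: it runs the same three openssl commands under a restrictive umask (the -nodes output and the DER key are unencrypted private key material), confirms that the DER key and DER certificate belong together, and reports the certificate's signature algorithm. The function names, the PFX_PASS environment variable and the self-signed sample identity are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the Primex guide). Assumes OpenSSL is installed and
# the .pfx passphrase is supplied in the PFX_PASS environment variable.

# convert_pfx PFX OUTDIR: run the guide's three conversions with private perms.
convert_pfx() {
    pfx=$1; out=$2
    (
        umask 077   # the -nodes output and the DER key are unencrypted
        openssl pkcs12 -in "$pfx" -out "$out/PrimexWirelessCert.pem" \
            -clcerts -nodes -passin env:PFX_PASS 2>/dev/null &&
        openssl rsa -in "$out/PrimexWirelessCert.pem" -outform der \
            -out "$out/PrimexWirelessKey.der" 2>/dev/null &&
        openssl x509 -in "$out/PrimexWirelessCert.pem" -outform der \
            -out "$out/PrimexWirelessCert.der"
    )
}

# key_matches_cert KEY.der CERT.der: succeed only if both hold the same RSA modulus.
key_matches_cert() {
    k=$(openssl rsa -inform der -in "$1" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -inform der -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_sigalg CERT.der: print the signature algorithm the CA actually used.
cert_sigalg() {
    openssl x509 -inform der -in "$1" -noout -text |
        awk -F': ' '/Signature Algorithm/ { print $2; exit }'
}

# make_sample_pfx DIR: constructed self-signed test identity standing in for
# the certificate exported from MMC (CN and passphrase are made up).
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=PrimexWireless" \
        -keyout "$1/k.pem" -out "$1/c.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/k.pem" -in "$1/c.pem" \
        -out "$1/PrimexWirelessCert.pfx" -passout env:PFX_PASS
}
```

On a real export, set PFX_PASS, call convert_pfx with the path to the .pfx and an output directory, then run key_matches_cert on the two DER files before copying them next to CA.der.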

SUPPORT

Supporting Documentation

Additional information is available in the AMP software Support tab. To obtain additional technical documentation for Primex Wireless products, visit the Support area on our Web site (www.primexwireless.com).

Technical Support

Primex Wireless Technical Support responds to specific questions about product features, system configuration, and troubleshooting. All support services will be delivered in accordance with your organization's support agreement, end user license agreements, and warranties.

Contact Technical Support

Before contacting Primex Wireless Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem. When you contact Technical Support, please have the following information available:

  Customer ID
  Problem description
  Device hardware information
  Error messages
  Troubleshooting performed before contacting Primex Wireless
  Recent network changes (SNS products only)

Technical Support
  Telephone: (800) 404-8112
  Email: techsupport@primexinc.com
  Fax: (262) 248-0061
  Hours: 7:00 am to 7:00 pm CST, Monday through Friday
  Web: www.primexwireless.com