HP 635n HP Jetdirect Print Servers - How to Use 802.1X on HP Jetdirect Print S - Page 70
Server ID Matching
UPC - 882780301016
View all HP 635n manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 70 highlights
Figure 32 - Server ID Matching Let's look at some examples that show the behavior of the Server ID field with two IAS servers configured as 802.1X Authentication Servers as shown previously: • Example 1: Jetdirect Server ID: Blank. Result: If the Authentication Server's certificate is trusted, accept all Common Names returned in the Subject field of the Authentication Server certificate • Example 2: Jetdirect Server ID: "example.internal", Require Exact Match not checked. Result: If the Authentication Server's certificate is trusted, accept all Common Names returned in the Subject field of the Authentication Server certificate that have "example.internal" as a rightmost subset. "ias.example.internal" and "ias2.example.internal" will both be accepted because "example.internal" is a rightmost match for both. • Example 3: Jetdirect Server ID: "ias", Require Exact Match not checked. Result: If the Authentication Server's certificate is trusted, accept all Common Names where "ias" is a rightmost subset of the name. Here, both servers "ias.example.internal" and "ias2.example.internal" will be REJECTED because it is not a rightmost subset of the name. "ias" is a LEFTMOST match, it is NOT a rightmost match. • Example 4: Jetdirect Server ID: "ias.example.internal", Require Exact Match is checked. Result: If the Authentication Server's certificate is trusted, accept all Common Names where ias.example.internal is the EXACT name. Here, the server ias2.example.internal will be REJECTED because it does NOT match EXACTLY "ias.example.internal" • Example 5: Jetdirect Server ID: "ias.example.internal", Require Exact Match not checked. Result: If the Authentication Server's certificate is trusted, accept all Common Names where ias.example.internal is a rightmost subset of the name. Here, the server ias2.example.internal will be REJECTED because it is not a rightmost subset of the name. As we can see, Jetdirect's Server ID field allows for fine grained use of which certificate will be accepted and can be configured to support multiple Authentication Servers without accepting all common names. 70