HP 635n HP Jetdirect Print Servers - How to Use 802.1X on HP Jetdirect Print S - Page 70

Server ID Matching


Figure 32 - Server ID Matching

Let's look at some examples that show the behavior of the Server ID field with two IAS servers configured as 802.1X Authentication Servers as shown previously:

• Example 1: Jetdirect Server ID: Blank. Result: If the Authentication Server's certificate is trusted, accept all Common Names returned in the Subject field of the Authentication Server certificate.

• Example 2: Jetdirect Server ID: "example.internal", Require Exact Match not checked. Result: If the Authentication Server's certificate is trusted, accept all Common Names returned in the Subject field of the Authentication Server certificate that have "example.internal" as a rightmost subset. "ias.example.internal" and "ias2.example.internal" will both be accepted because "example.internal" is a rightmost match for both.

• Example 3: Jetdirect Server ID: "ias", Require Exact Match not checked. Result: If the Authentication Server's certificate is trusted, accept all Common Names where "ias" is a rightmost subset of the name. Here, both servers "ias.example.internal" and "ias2.example.internal" will be REJECTED because "ias" is not a rightmost subset of either name. "ias" is a LEFTMOST match; it is NOT a rightmost match.

• Example 4: Jetdirect Server ID: "ias.example.internal", Require Exact Match is checked. Result: If the Authentication Server's certificate is trusted, accept all Common Names where "ias.example.internal" is the EXACT name. Here, the server "ias2.example.internal" will be REJECTED because it does NOT match "ias.example.internal" EXACTLY.

• Example 5: Jetdirect Server ID: "ias.example.internal", Require Exact Match not checked. Result: If the Authentication Server's certificate is trusted, accept all Common Names where "ias.example.internal" is a rightmost subset of the name. Here, the server "ias2.example.internal" will be REJECTED because "ias.example.internal" is not a rightmost subset of its name.

As we can see, Jetdirect's Server ID field allows fine-grained control over which certificate will be accepted and can be configured to support multiple Authentication Servers without accepting all Common Names.
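The five examples above can be checked against a small model of the rule, and the same model can audit which certificate names a given setting would let through. This is an added example, not HP's code: `server_id_accepts`, `audit` and the name inventory are hypothetical, "rightmost subset" is modelled as a plain string suffix compared as-is, and the certificate is assumed to be already trusted.

```python
"""Model of the Server ID rules in Examples 1-5 (added example, not HP firmware)."""


def server_id_accepts(server_id: str, common_name: str, exact: bool = False) -> bool:
    """Return True if a trusted certificate's Common Name passes the Server ID check.

    Assumption: "rightmost subset" is a plain string suffix test; the page does
    not state case handling, so names are compared as-is.
    """
    if server_id == "":
        return True                          # Example 1: blank accepts every name
    if exact:
        return common_name == server_id      # Example 4: Require Exact Match checked
    return common_name.endswith(server_id)   # Examples 2, 3 and 5


def audit(server_id, exact, issued_names, intended):
    """Compare what a setting accepts with the intended Authentication Servers.

    "unexpected": names accepted that are not intended servers.
    "missing": intended servers the setting would reject.
    """
    accepted = {n for n in issued_names if server_id_accepts(server_id, n, exact)}
    return {
        "unexpected": sorted(accepted - set(intended)),
        "missing": sorted(set(intended) - accepted),
    }


# Constructed inventory: Common Names the trusted CA has issued (sample data).
ISSUED = [
    "ias.example.internal",
    "ias2.example.internal",
    "web.example.internal",
    "ias.lab.internal",
]
INTENDED = ["ias.example.internal", "ias2.example.internal"]

if __name__ == "__main__":
    settings = [("", False), ("example.internal", False), ("ias", False),
                ("ias.example.internal", True), ("ias.example.internal", False)]
    for server_id, exact in settings:
        print(repr(server_id), "exact" if exact else "suffix",
              audit(server_id, exact, ISSUED, INTENDED))
```

With this inventory, the Example 2 setting covers both IAS servers but also accepts any other trusted certificate issued under the same domain suffix, which is the trade-off to weigh against Example 4's exact match.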

