Samsung SCX-4720F Quick Guide (easy Manual) (ver.1.0) (English) - Page 28

DER encoded X.509 Binary .cer, Enable Server certificate Validation

Get Samsung SCX-4720F PDF manuals and user guides View all Samsung SCX-4720F manuals
Add to My Manuals
Save this manual to your list of manuals

Page 28 highlights

• Inner Authentication Protocol: EAP-TTLS and PEAP allow for standard RADIUS protocols within their inner tunnel. User authentication is performed by a password. The password credentials are transported in a securely encrypted tunnel that is established using the server certificate. EAPTTLS supports EAP-MD5, CHAP, MS-CHAP, and MS-CHAPv2. PEAP supports EAP-MD5 and MSCHAPv2 as inner authentications. • Identity Name: EAP-TTLS has a unique feature, TTLS Identity, that other EAP authentication protocols do not offer. It passes your user name through an encrypted tunnel (generally called tunneled TLS) as your credentials. It uses TTLS Identity as your credentials before the encrypted tunnel is created. • User Name: 802.1x EAP authentication methods, such as EAP-MD5, EAP-MSCAHPv2, EAP-TTLS, and PEAP, require an EAP user name as an account name. A user name is necessary, if 802.1x authentication is enabled. This is not saved as the default value. • User Password: 802.1x EAP authentication methods, such as EAP-MD5, EAP-MSCAHPv2, EAP-TTLS, and PEAP, require an EAP user password as an account password. A user password is necessary, if 802.1x authentication is enabled. This is not saved as the default value. • Root certificate: You can install a root certificate. To be installed on the Samsung Wireless Network Printer Card, a root certificate must be in the form of Base64 Encoded X.509 with a .cer extension and be less than 3,072 bytes. EAP-TLS, EAP-TTLS, and PEAP authentications need root certificates. 1. Click Configure. If the root certificate has been configured, detailed information on the root certificate displays. 2. Select the root certificate file. 3. Upload the file and click back to return to the front page. • Client certificate: You can install a client certificate. To be installed on the Samsung Wireless Network Printer Card, a client certificate must be in the form of PKCS #12 / Personal Information Exchange with a .pfx extension and be less than 3,072 bytes. EAP-TLS authentication needs a client certificate. 1. Click Configure. If the client certificate has been configured, detailed information on the client certificate displays. 2. Select the client certificate file. 3. Upload the file and click back to return to the front page. NOTE: You can make a certificate into a file using Windows Console: 1. From the Windows Start menu, select Run. 2. Enter mmc in the Run dialogue box. 3. Select File Æ Add/Remove Snap-in. 4. Click Add, select Certificate, and then click Add. 5. In the Certificate Snap-in dialogue box, select Computer Account and click Next Æ Finish Æ Close Æ OK. 6. Select the certificate you want to change to a file. • When making a root certificate, select one of the certificates in the trusted root certificate authority folder. • When making a client certificate, select one of the certificates in the personal folder. 7. Right-click the certificate and select All task Æ Export. 8. In the Certificate Export wizard, click Next. 9. Select DER encoded X.509 Binary (.cer) for a root certificate, or PKCS #12 (.PFX) for a client certificate, and click Next. 10. Enter a file name and click Next. 11. Click Finish to close the wizard. • Enable Server certificate Validation: This option determines whether or not the client authenticates the server. If Server Certificate Validation is disabled, EAP-TTLS and PEAP authentication do not require a root certificate. In Enhanced Security mode, four authentications are provided according to WPA authentication and 802.1x authentication. To use each authentication in Enhanced Security mode, perform the following steps: Using WPA-PSK 1 Set Security Mode to Enhanced Security. 2 Set WPA Authentication to WPA-PSK. 3 Choose TKIP or AES for encryption. The same encryption algorithm must be configured on the access point. 4 Enter the WPA Shared Key as the secret key. The same WPA Shared Key must be configured on the access point. Using EAP-TLS 1 Set Security Mode to Enhanced Security. 2 Set WPA Authentication to IEEE802.1x. 3 Set 802.1x Authentication to EAP-TLS. 4 Choose TKIP, AES, 64-bit WEP, or 128-bit WEP for encryption. The same encryption algorithm must be configured on the access point. 6.6 Wireless network environment

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
Wireless network environment
6.
6
Inner Authentication Protocol
: EAP-TTLS and PEAP allow
for standard RADIUS protocols within their inner tunnel.
User authentication is performed by a password. The
password credentials are transported in a securely encrypted
tunnel that is established using the server certificate. EAP-
TTLS supports EAP-MD5, CHAP, MS-CHAP, and MS-CHAPv2.
PEAP supports EAP-MD5 and MSCHAPv2 as inner
authentications.
Identity Name
: EAP-TTLS has a unique feature, TTLS
Identity, that other EAP authentication protocols do not offer.
It passes your user name through an encrypted tunnel
(generally called tunneled TLS) as your credentials. It uses
TTLS Identity as your credentials before the encrypted
tunnel is created.
User Name
: 802.1x EAP authentication methods, such as
EAP-MD5, EAP-MSCAHPv2, EAP-TTLS, and PEAP, require an
EAP user name as an account name. A user name is
necessary, if 802.1x authentication is enabled. This is not
saved as the default value.
User Password
: 802.1x EAP authentication methods, such
as EAP-MD5, EAP-MSCAHPv2, EAP-TTLS, and PEAP, require
an EAP user password as an account password. A user
password is necessary, if 802.1x authentication is enabled.
This is not saved as the default value.
Root certificate
: You can install a root certificate. To be
installed on the Samsung Wireless Network Printer Card, a
root certificate must be in the form of Base64 Encoded
X.509 with a .cer extension and be less than 3,072 bytes.
EAP-TLS, EAP-TTLS, and PEAP authentications need root
certificates.
1. Click
Configure
.
If the root certificate has been configured, detailed
information on the root certificate displays.
2. Select the root certificate file.
3. Upload the file and click
back
to return to the front page.
Client certificate
: You can install a client certificate. To be
installed on the Samsung Wireless Network Printer Card, a
client certificate must be in the form of PKCS #12 / Personal
Information Exchange with a .pfx extension and be less than
3,072 bytes. EAP-TLS authentication needs a client
certificate.
1. Click
Configure
.
If the client certificate has been configured, detailed
information on the client certificate displays.
2. Select the client certificate file.
3. Upload the file and click
back
to return to the front page.
N
OTE
: You can make a certificate into a file using Windows
Console:
1. From the Windows Start menu, select
Run
.
2. Enter
mmc
in the Run dialogue box.
3. Select
File
Add/Remove Snap-in
.
4. Click
Add
, select
Certificate
, and then click
Add
.
5. In the Certificate Snap-in dialogue box, select
Computer
Account
and click
Next
Finish
Close
OK
.
6. Select the certificate you want to change to a file.
• When making a root certificate, select one of the
certificates in the trusted root certificate authority folder.
• When making a client certificate, select one of the
certificates in the personal folder.
7. Right-click the certificate and select
All task
Export
.
8. In the Certificate Export wizard, click
Next
.
9. Select
DER encoded X.509 Binary (.cer)
for a root
certificate, or
PKCS #12 (.PFX)
for a client certificate, and
click
Next
.
10. Enter a file name and click
Next
.
11. Click
Finish
to close the wizard.
Enable Server certificate Validation
: This option
determines whether or not the client authenticates the
server. If Server Certificate Validation is disabled, EAP-TTLS
and PEAP authentication do not require a root certificate.
In Enhanced Security mode, four authentications are provided
according to WPA authentication and 802.1x authentication. To
use each authentication in Enhanced Security mode, perform
the following steps:
Using WPA-PSK
1
Set Security Mode to
Enhanced Security
.
2
Set WPA Authentication to
WPA-PSK
.
3
Choose
TKIP
or
AES
for encryption. The same encryption
algorithm must be configured on the access point.
4
Enter the WPA Shared Key as the secret key. The same
WPA Shared Key must be configured on the access point.
Using EAP-TLS
1
Set Security Mode to
Enhanced Security
.
2
Set WPA Authentication to
IEEE802.1x
.
3
Set 802.1x Authentication to
EAP-TLS
.
4
Choose
TKIP
,
AES
,
64-bit WEP
, or
128-bit WEP
for
encryption. The same encryption algorithm must be
configured on the access point.