Home » ZyXEL Manuals » Wireless » ZyXEL NWA5301-NJ » Manual Viewer

ZyXEL NWA5301-NJ User Guide - Page 132

Certificates, 13.1 Overview, 13.1.1 What You Can Do in this What You Need to Know

Add to My Manuals
Save this manual to your list of manuals

Page 132 highlights

CHAPTER 13 Certificates 13.1 Overview The NWA/WAC can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner's identity and public key. Certificates provide a way to exchange public keys for use in authentication. 13.1.1 What You Can Do in this Chapter • The My Certificates screens (Section 13.2 on page 135) generate and export self-signed certificates or certification requests and import the NWA/WAC's CA-signed certificates. • The Trusted Certificates screens (Section 13.3 on page 142) save CA certificates and trusted remote host certificates to the NWA/WAC. The NWA/WAC trusts any valid certificate that you have imported as a trusted certificate. It also trusts any valid certificate signed by any of the certificates that you have imported as a trusted certificate. 13.1.2 What You Need to Know The following terms and concepts may help as you read this chapter. When using public-key cryptology for authentication, each host has two keys. One key is public and can be made openly available. The other key is private and must be kept secure. These keys work like a handwritten signature (in fact, certificates are often referred to as "digital signatures"). Only you can write your signature exactly as it should look. When people know what your signature looks like, they can verify whether something was signed by you, or by someone else. In the same way, your private key "writes" your digital signature and your public key allows people to verify whether data was signed by you, or by someone else. This process works as follows: 1 Tim wants to send a message to Jenny. He needs her to be sure that it comes from him, and that the message content has not been altered by anyone else along the way. Tim generates a public key pair (one public key and one private key). 2 Tim keeps the private key and makes the public key openly available. This means that anyone who receives a message seeming to come from Tim can read it and verify whether it is really from him or not. 3 Tim uses his private key to sign the message and sends it to Jenny. 4 Jenny receives the message and uses Tim's public key to verify it. Jenny knows that the message is from Tim, and that although other people may have been able to read the message, no-one can have altered it (because they cannot re-sign the message with Tim's private key). NWA / WAC Series User's Guide 132

Section	Page
NWA/WAC Series	1
Document Conventions	3
Contents Overview	4
Table of Contents	5
User’s Guide	12
Introduction	13
1.1 Overview	13
1.1.1 Management Mode	17
1.1.2 MBSSID	18
1.1.3 Dual-Radio	19
1.1.4 Root AP	19
1.1.5 Repeater	20
1.2 Ways to Manage the NWA/WAC	21
1.3 Good Habits for Managing the NWA/WAC	22
1.4 Hardware Connections	22
1.5 NWA5301-NJ Hardware	22
1.5.1 110 Punch-Down Block	22
1.5.2 Phone Port	24
1.5.3 Console Port	24
1.6 LEDs	25
1.6.1 WAC6502D-E, WAC6502D-S, and WAC6503D-S	25
1.6.2 NWA1123-AC PRO and WAC6103D-I	27
1.6.3 NWA5301-NJ	29
1.6.4 NWA1123-ACv2, NWA5121-N, NWA5121-NI, NWA5123-AC and NWA5123-NI	30
1.6.5 WAC5302D-S	31
1.6.6 NWA1123-AC HD, NWA5123-AC HD and WAC6303D-S	32
1.7 Starting and Stopping the NWA/WAC	33
The Web Configurator	35
2.1 Overview	35
2.2 Accessing the Web Configurator	35
2.3 Navigating the Web Configurator	36
2.3.1 Title Bar	37
2.3.2 Navigation Panel	40
2.3.3 Warning Messages	43
2.3.4 Tables and Lists	43
Setup Wizard	47
3.1 Accessing the Wizard	47
3.2 Using the Wizard	47
3.2.1 Country Code	47
3.2.2 Time Zone	48
3.2.3 Uplink	48
3.2.4 Radio	49
3.2.5 SSID	50
3.2.6 Summary	52
Technical Reference	53
Dashboard	54
4.1 Overview	54
4.1.1 What You Can Do in this Chapter	54
4.2 Dashboard	54
4.2.1 CPU Usage	58
4.2.2 Memory Usage	59
Monitor	60
5.1 Overview	60
5.1.1 What You Can Do in this Chapter	60
5.2 What You Need to Know	60
5.3 Network Status	61
5.3.1 Port Statistics Graph	63
5.4 Radio List	64
5.4.1 AP Mode Radio Information	65
5.5 Station List	67
5.6 WDS Link Info	68
5.7 Detected Device	69
5.8 View Log	72
Network	75
6.1 Overview	75
6.1.1 Management Mode	75
6.1.2 What You Can Do in this Chapter	77
6.2 IP Setting	78
6.3 VLAN	79
6.4 AC (AP Controller) Discovery	82
Wireless	84
7.1 Overview	84
7.1.1 What You Can Do in this Chapter	84
7.1.2 What You Need to Know	85
7.2 AP Management	85
7.3 Rogue AP	88
7.3.1 Add/Edit Rogue/Friendly List	90
7.4 Load Balancing	91
7.4.1 Disassociating and Delaying Connections	93
7.5 DCS	94
7.6 Technical Reference	94
Bluetooth	97
8.1 Overview	97
8.1.1 What You Need To Know	97
8.2 Bluetooth Advertising Settings	97
8.2.1 Edit Advertising Settings	98
User	100
9.1 Overview	100
9.1.1 What You Can Do in this Chapter	100
9.1.2 What You Need To Know	100
9.2 User Summary	101
9.2.1 Add/Edit User	101
9.3 Setting	103
9.3.1 Edit User Authentication Timeout Settings	105
AP Profile	107
10.1 Overview	107
10.1.1 What You Can Do in this Chapter	107
10.1.2 What You Need To Know	107
10.2 Radio	108
10.2.1 Add/Edit Radio Profile	109
10.3 SSID	114
10.3.1 SSID List	114
10.3.2 Add/Edit SSID Profile	115
10.4 Security List	118
10.4.1 Add/Edit Security Profile	118
10.5 MAC Filter List	121
10.5.1 Add/Edit MAC Filter Profile	122
10.6 Layer-2 Isolation List	123
10.6.1 Add/Edit Layer-2 Isolation Profile	124
MON Profile	126
11.1 Overview	126
11.1.1 What You Can Do in this Chapter	126
11.2 MON Profile	126
11.2.1 Add/Edit MON Profile	127
11.3 Technical Reference	128
WDS Profile	130
12.1 Overview	130
12.1.1 What You Can Do in this Chapter	130
12.2 WDS Profile	130
12.2.1 Add/Edit WDS Profile	131
Certificates	132
13.1 Overview	132
13.1.1 What You Can Do in this Chapter	132
13.1.2 What You Need to Know	132
13.1.3 Verifying a Certificate	134
13.2 My Certificates	135
13.2.1 Add My Certificates	136
13.2.2 Edit My Certificates	138
13.2.3 Import Certificates	141
13.3 Trusted Certificates	142
13.3.1 Edit Trusted Certificates	143
13.3.2 Import Trusted Certificates	146
13.4 Technical Reference	147
System	148
14.1 Overview	148
14.1.1 What You Can Do in this Chapter	148
14.2 Host Name	148
14.3 Date and Time	149
14.3.1 Pre-defined NTP Time Servers List	152
14.3.2 Time Server Synchronization	152
14.4 WWW Overview	153
14.4.1 Service Access Limitations	153
14.4.2 System Timeout	153
14.4.3 HTTPS	154
14.4.4 Configuring WWW Service Control	154
14.4.5 HTTPS Example	155
14.5 SSH	163
14.5.1 How SSH Works	163
14.5.2 SSH Implementation on the NWA/WAC	164
14.5.3 Requirements for Using SSH	165
14.5.4 Configuring SSH	165
14.5.5 Examples of Secure Telnet Using SSH	165
14.6 Telnet	167
14.7 FTP	167
14.8 SNMP	168
14.8.1 Supported MIBs	169
14.8.2 SNMP Traps	170
14.8.3 Configuring SNMP	170
14.8.4 Adding or Editing an SNMPv3 User Profile	171
Log and Report	173
15.1 Overview	173
15.1.1 What You Can Do In this Chapter	173
15.2 Email Daily Report	173
15.3 Log Setting	175
15.3.1 Log Setting Screen	176
15.3.2 Edit System Log Settings	177
15.3.3 Edit Remote Server	181
15.3.4 Active Log Summary	182
File Manager	185
16.1 Overview	185
16.1.1 What You Can Do in this Chapter	185
16.1.2 What you Need to Know	185
16.2 Configuration File	186
16.2.1 Example of Configuration File Download Using FTP	190
16.3 Firmware Package	191
16.3.1 Example of Firmware Upload Using FTP	192
16.4 Shell Script	193
Diagnostics	196
17.1 Overview	196
17.1.1 What You Can Do in this Chapter	196
17.2 Diagnostics	196
LEDs	198
18.1 Overview	198
18.1.1 What You Can Do in this Chapter	198
18.2 Suppression Screen	198
18.3 Locator Screen	199
Antenna Switch	200
19.1 Overview	200
19.1.1 What You Need To Know	200
19.2 Antenna Switch Screen	200
Reboot	202
20.1 Overview	202
20.1.1 What You Need To Know	202
20.2 Reboot	202
Shutdown	203
21.1 Overview	203
21.1.1 What You Need To Know	203
21.2 Shutdown	203
Troubleshooting	204
22.1 Overview	204
22.2 Power, Hardware Connections, and LED	204
22.3 NWA/WAC Access and Login	205
22.4 Internet Access	206
22.5 Wireless Connections	207
22.6 Resetting the NWA/WAC	212
22.7 Getting More Troubleshooting Help	213
Importing Certificates	214
IPv6	227
Customer Support	235
Legal Information	241

Match case Limit results 1 per page

NWA / WAC Series User’s Guide

132

HAPTER

Certificates

13.1

Overview

The NWA/WAC can use certificates (also called digital IDs) to authenticate users. Certificates are based

on public-private key pairs. A certificate contains the certificate owner’s identity and public key.

Certificates provide a way to exchange public keys for use in authentication.

13.1.1

What You Can Do in this Chapter

• The

My Certificates

screens (

Section 13.2 on page 135

) generate and export self-signed certificates or

certification requests and import the NWA/WAC’s CA-signed certificates.

• The

Trusted Certificates

screens (

Section 13.3 on page 142

) save CA certificates and trusted remote

host certificates to the NWA/WAC. The NWA/WAC trusts any valid certificate that you have imported

as a trusted certificate. It also trusts any valid certificate signed by any of the certificates that you

have imported as a trusted certificate.

13.1.2

What You Need to Know

The following terms and concepts may help as you read this chapter.

When using public-key cryptology for authentication, each host has two keys. One key is public and can

be made openly available. The other key is private and must be kept secure.

These keys work like a handwritten signature (in fact, certificates are often referred to as “digital

signatures”). Only you can write your signature exactly as it should look. When people know what your

signature looks like, they can verify whether something was signed by you, or by someone else. In the

same way, your private key “writes” your digital signature and your public key allows people to verify

whether data was signed by you, or by someone else.

This process works as follows:

Tim wants to send a message to Jenny. He needs her to be sure that it comes from him, and that the

message content has not been altered by anyone else along the way. Tim generates a public key pair

(one public key and one private key).

Tim keeps the private key and makes the public key openly available. This means that anyone who

receives a message seeming to come from Tim can read it and verify whether it is really from him or not.

Tim uses his private key to sign the message and sends it to Jenny.

Jenny receives the message and uses Tim’s public key to verify it. Jenny knows that the message is from

Tim, and that although other people may have been able to read the message, no-one can have

altered it (because they cannot re-sign the message with Tim’s private key).