WLAN Product Interoperation Configuration Guide

Deploying a CA Certificate Server

To use 802.1X certificate authentication, a CA certificate server must be deployed in advance.

The Windows CA certificate server is supported only on Windows Server 2012 Enterprise or Windows Server 2012 R2 Enterprise.

You are advised to check the CA certificate server deployment according to the following flowchart.

  1. Open a browser and enter https://Server-IP/certsrv, where Server-IP indicates the IP address of the CA certificate server.

    If the following page is displayed after you log in with the AD domain administrator account and its password, the CA server functions properly. Otherwise, delete the CA component and add it again.

  2. On Certification Authority, right-click the root certificate. In the displayed dialog box, click the Extensions tab and check the CDP and AIA extension fields.
    • CDP: The option Include in the CDP extension of issued certificates must be selected for LDAP and HTTP.
    • AIA: The two options in the red box must be selected for the OCSP URL.

  3. Open a browser and enter https://Server-IP/certsrv/mscep_admin, where Server-IP indicates the IP address of the CA certificate server.

    If the following page is displayed after you log in with the AD domain administrator account and its password, the SCEP and HTTPS settings are correct.

    If the page is displayed in HTTP mode but cannot be displayed in HTTPS mode, check whether HTTPS is bound to the certificate and whether the correct root certificate is selected. For the SSL certificate, select the certificate whose name is the same as the full computer name.

    If the page cannot be displayed in HTTP mode, check whether Network Device Enrollment Service is installed.

  4. The SCEP template must contain the Client Authentication field. Otherwise, end users may fail the authentication. If the SCEP template does not contain the Client Authentication field, correct the settings based on the video instruction.

  5. In the registry, set the SCEP template name and disable EnforcePassword.

    Find entries in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MSCEP, and set their values to the SCEP template name.

    Registry modification takes effect only after the operating system is restarted.

    Set EnforcePassword to 0.

  6. Check the permission settings in the SCEP and OCSP templates. If the settings are incorrect, correct them based on the video instruction.

  7. Check whether the SCEP and OCSP templates are issued. If the SCEP and OCSP templates are not in the list, issue the templates based on the video instruction.

  8. Choose Start > Administrative Tools > Online Responder Management to check whether OCSP is in working state. If not, delete ocsp_test and create it again based on the video instruction.

  9. The properties of the revocation configuration and the random number and signature of the Agile Controller-Campus must have the relationship shown in the following figure:
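
A read-only check of the registry settings from step 5, added here as an example and not taken from the original guide. The template value names (EncryptionTemplate, GeneralPurposeTemplate, SignatureTemplate) and the EnforcePassword subkey follow the standard NDES registry layout and are assumptions, since the guide does not list them; the default template name is a placeholder.

```powershell
# Added example: verifies the NDES (SCEP) registry settings described in step 5.
# It only reads the registry and changes nothing.
param(
    # Placeholder: pass the name of your SCEP certificate template.
    [string]$ExpectedTemplate = 'SCEP_TEMPLATE_NAME_PLACEHOLDER'
)

$mscep    = 'HKLM:\SOFTWARE\Microsoft\Cryptography\MSCEP'
$problems = @()

# The key exists only when Network Device Enrollment Service is installed (step 3).
if (-not (Test-Path $mscep)) {
    throw "Key not found: $mscep. Check that Network Device Enrollment Service is installed."
}

# Assumed value names: the three template entries under the MSCEP key.
$props = Get-ItemProperty -Path $mscep
foreach ($name in 'EncryptionTemplate', 'GeneralPurposeTemplate', 'SignatureTemplate') {
    $value = $props.$name
    if ($value -ne $ExpectedTemplate) {
        $problems += "$name is '$value', expected '$ExpectedTemplate'"
    }
}

# Assumed layout: EnforcePassword is a DWORD inside a subkey of the same name.
$epKey = Join-Path $mscep 'EnforcePassword'
$ep = (Get-ItemProperty -Path $epKey -Name 'EnforcePassword' -ErrorAction SilentlyContinue).EnforcePassword
if ($ep -ne 0) {
    $problems += "EnforcePassword is '$ep', expected 0"
}

# Registry changes take effect only after a restart, so report the last boot
# time for comparison with the time the values were edited.
$boot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
Write-Output "Last boot: $boot"

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output 'MSCEP registry settings match step 5.'
```

With EnforcePassword set to 0, NDES accepts enrollment requests without a challenge password, so restrict which networks can reach the enrollment service.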

Updated: 2019-03-30

Document ID: EDOC1000113779

Views: 50746

Downloads: 1687
