Configuring automatic certificate issuing, Requesting a server certificate, Configuring automatic certificate issuing -26 – Motorola 2.1 User Manual
Page 40: Requesting a server certificate -26, Procedure 2-7
Chapter 2: Network Setup
5
Verify correct installation of CA services.
Once installation is complete:
• Verify correct installation by opening the Certificates (Local Computer). Click Start |
Run | and type MMC.exe. Press enter.
• Browse to the certificate store by selecting: Console / Add/Remove Snap-in / Add… /
Certificates / Computer Account
.
Result
: The select PC dialog appears.
• Select
Local Computer
.
• Ensure that the new CA certificate is stored in the Trusted Root Certification Authorities
/ Certificates folder. You should see a trusted root certificate called radius.
Click on the personal folder and click on certificates. Delete the auto generated
certificate called radius. We will re-create this later.
6
Verify that the certificate services web interface is functional.
Using another computer on the network, connect to the certificate server's certificate services
interface at URL: http://172.31.0.21/certsrv.
Configuring Automatic Certificate Issuing
Procedure 2-7 describes how to configure whether or not an administrator needs to approve
certificate requests (manual or automatic issuing).
Procedure 2-7
Configuring Automatic Certificate Issuing
1
Open the Certification Authority item by selecting Control Panel / Administrative Tools.
2
Right click on the name of your local root CA server in the tree view and select Properties.
3
Open the Policy Module tab and click the Properties… button.
4
Select the radio button labeled Follow the settings in the certificate template, if applicable.
Otherwise, automatically issue the certificate
from the Request Handling tab.
5
Restart the Certificate Services to have the changes take effect.
• Selecting
Control Panel / Administrative Tools / Services
.
• Select and restart the Certificate Services service.
Requesting a Server Certificate
The procedure to request a certificate for a network server creates a digital certificate for the
RADIUS server to use for EAP-TTLS authentication.
A server certificate signed by our new CA as well as a copy of the trusted root certificate must
be installed on the RADIUS server. Procedure 5-6 describes how to generate a server
certificate. You must have administrator access on this computer to install the certificates in
the local computer store (required).
2-26