Home > User Interface > Configuration > Advanced Access Configuration > PKI Providers
|
Menu path: Configuration > Advanced Access Configuration Overview > PKI Providers.
PKI (public key infrastructure) providers must be defined before being used by Provisioners. The provider configuration defines how A3 connects to the PKI and what information will be sent.
The general format and usage of this page is discussed in General GUI Usage.
The PKI Providers page lists all of the defined providers. A new tier may
be used by clicking 
. Two
types of PKI providers are available:
Note
The A3 PKI is an internal tool to be used solely for testing and not in a production network.The A3 PKI provider uses the PKI interface built into A3. The fields in the form used for provider creation and editing are:
| Field | Usage | Example |
|---|---|---|
| PKI Provider Name | The unique ID of the PKI provider. | Corporate PKI |
| Protocol | The protocol to be used for connecting to the provider. One of https or http. | https |
| Host | The IP address of the A3 host providing the service. | 127.0.0.1 |
| Port | The port number on which to contact the A3 PKI API. | 9393 |
| User Name | The user name used to connect to the PKI. | admin |
| Password | The password associated with the user name. | secret |
| Profile | The name of the certificate profile to be used for certificate generation. | default |
| Country | The country to be used in the certificate. | United States |
| State | The state to be used in the certificate. | New York |
| Organization | The organization to be used in the certificate. | Atomic Widgets |
| Common Name Attribute | The client attribute to be used as the common name in the certificate, one of Username or MAC address. | Username |
| Common Name Format | Defines how the common name is formatted. %s will expand to the value selected in the Common Name Attribute. | %s |
| Revoke on Unregistered | If enabled, the certificate is revoked when the client using it is unregistered. This should not be used when multiple devices share the same certificate. |
|
| CA Certificate | The contents of the CA certificate used to generate the client certificate and key combination. | |
| Server Certificate | The contents of the RADIUS server authentication certificate. |
SCEP PKI providers include the Microsoft PKI. The fields for this option are:
| Field | Usage | Example |
|---|---|---|
| PKI Provider Name | The unique ID of the PKI provider. | MSPKI |
| URL | The URL used to connect to the SCEP-based PKI provider. | https://mspki.example.com |
| Username | The user name used to connect to the SCEP server, if required. | |
| Password | The password associated with the user name, if required. | |
| Country | The country to be used in the certificate. | United States |
| State | The state to be used in the certificate. | New York |
| Locality | The locality to be used in the certificate. | Brooklyn |
| Organization | The organization to be used in the certificate. | Atomic Widgets |
| Organizational Unit | The organization unit to be used in the certificate. | Sales |
| Common Name Attribute | The client attribute to be used as the common name in the certificate, one of Username or MAC address. | Username |
| Common Name Format | Defines how the common name is formatted. %s will expand to the value selected in the Common Name Attribute. | %s |
| CA Certificate | The contents of the CA certificate used to generate the client certificate and key combination. | |
| Server Certificate | The contents of the RADIUS server authentication certificate. |
Copyright © 2020 Extreme Networks. All rights reserved. Published December 2020.