Home > User Interface > Configuration > Advanced Access Configuration > PKI Providers
|
Menu path: Configuration > Advanced Access Configuration Overview > PKI Providers.
PKI (public key infrastructure) providers must be defined before being used by Provisioners. The provider configuration defines how A3 connects to the PKI and what information will be sent.
The general format and usage of this page is discussed in General GUI Usage.
The PKI Providers page lists all of the defined providers. A new tier can
be used by clicking 
. Two types of PKI providers are available:
Note
The A3 PKI is an internal tool to be used solely for testing and not in a production network.The A3 PKI provider uses the PKI interface built into A3. The fields in the form used for provider creation and editing are:
| Field | Usage | Example |
|---|---|---|
| PKI Provider Name | The unique ID of the PKI provider. | Corporate PKI |
| Template | Choose a template for the generation of certificates. | |
| Country | The country to be used in the certificate. | United States |
| State | The state to be used in the certificate. | New York |
| Organization | The organization to be used in the certificate. | Atomic Widgets |
| Common Name Attribute | The client attribute to be used as the common name in the certificate, one of Username or MAC address. | Username |
| Common Name Format | Defines how the common name is formatted. %s will expand to the value selected in the Common Name Attribute. | %s |
| Revoke on Unregistered | If enabled, the certificate is revoked when the client using it is unregistered. This should not be used when multiple devices share the same certificate. |
|
| CA Certificate | The contents of the CA certificate used to generate the client certificate and key combination. | |
| Server Certificate | The contents of the RADIUS server authentication certificate. |
SCEP PKI providers include the Microsoft PKI. The fields for this option are:
| Field | Usage | Example |
|---|---|---|
| PKI Provider Name | The unique ID of the PKI provider. | MSPKI |
| URL | The URL used to connect to the SCEP-based PKI provider. | https://mspki.example.com |
| Username | The user name used to connect to the SCEP server, if required. | |
| Password | The password associated with the user name, if required. | |
| Country | The country to be used in the certificate. | United States |
| State | The state to be used in the certificate. | New York |
| Locality | The locality to be used in the certificate. | Brooklyn |
| Organization | The organization to be used in the certificate. | Atomic Widgets |
| Organizational Unit | The organization unit to be used in the certificate. | Sales |
| Common Name Attribute | The client attribute to be used as the common name in the certificate, one of Username or MAC address. | Username |
| Common Name Format | Defines how the common name is formatted. %s will expand to the value selected in the Common Name Attribute. | %s |
| CA Certificate | The contents of the CA certificate used to generate the client certificate and key combination. | |
| Server Certificate Path | The path of the RADIUS server authentication certificate on the A3 server. | /usr/local/A3/raddb/certs/01.pem |
Copyright © 2021 Extreme Networks. All rights reserved. Published April 2021.