Mapping IAP Certificates

When an Instant Access Points (IAPs) joins a group that does not have a certificate, the IAPs existing certificate is retained. When an IAP joins a group that already has a certificate, the certificate of the IAP is overwritten by the group certificate.

To map an IAP certificate name to a specific certificate type or category, complete the following steps:

1. In the WebUI, set the filter to a group containing at least one AP.

   The dashboard context for the group is displayed.

2. Under Manage, click Devices > Access Points.

   A list of APs is displayed in the List view.

3. Click the Config icon.

   The tabs to configure the APs are displayed.

4. Click Show Advanced.
5. Click the Security tab.

   The Security page is displayed.

6. Expand the Certificate Usage accordion.
7. To map a certificate, for each usage type under Usage Type, select the suitable certificate from the Certificate drop-down list:
   • Certificate Authority—To verify the identity of a client.
   • Authentication Server—To verify the identity of the server to a client.
   • Captive Portal—To verify the identity of internal captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. server.

   • Radsec use EST Server—Turn on the Radsec use EST Server toggle switch to allow EST certificates to be used in RadSec applications.

     • To enable Radsec use EST Server, you must enable EST Activate in EST Profile.
     • If Radsec use EST Server is enabled, RadSec Client Cert is disabled in Certificate Usage.
   • RadSec Client Cert—To verify the identity of the TLS Transport Layer Security. TLS is a cryptographic protocol that provides communication security over the Internet. TLS encrypts the segments of network connections above the Transport Layer by using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity.  server.
   • RadSec CA—To verify the authentication between the IAP and the TLS server.
   • Clearpass—To verify the identity of the ClearPass ClearPass is an access management system for creating and enforcing policies across a network to all devices and applications. The ClearPass integrated platform includes applications such as Policy Manager, Guest, Onboard, OnGuard, Insight, Profile, QuickConnect, and so on. server.
   • AP1X CA Certificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate.—Sets the CA certificate used for 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication.
   • AP1X Client Cert—Sets the certificate used for 802.1X authentication.
   • WebCC CA Cert—Sets the CA certificate used for web content classification.
   • IOT CA Cert—Sets the CA certificate used for IoT Internet of Things. IoT refers to the internetworking of devices that are embedded with electronics, software, sensors, and network connectivity features allowing data exchange over the Internet..
8. Click Save Settings.