Honeywell Vx9 Manual
Have a look at the manual Honeywell Vx9 Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 178 Honeywell manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
6 - 57 If using the Windows certificate store: Check the Use MS store checkbox. The default is to use the Full Trusted Store. To select an individual certificate, click on the Browse button. Uncheck the Use full trusted store checkbox. Select the desired certificate and click Select. You are returned to the Credentials screen. If using the Certs Path option: Use MS store box unchecked. Enter the certificate filename in the CA Cert textbox. Click OK then click Commit. The device should be authenticating the server certificate and using PEAP/GTC for the user authentication. Ensure the correct Active Profile is selected on the Main tab and restart. The SCU Main tab shows the device is asso- ciated after the radio connects to the network. Note: The date must be properly set on the device to authenticate a certificate.
6 - 58 WPA/LEAP To use WPA/LEAP, make sure the following profile options are used. Enter the SSID of the Access Point assigned to this profile EAP Type to LEAP Encryption to WPA TKIP Auth Type as follows: If the Cisco/CCX certified AP is configured for open authentication, set the Auth Type radio parameter to Open. If the AP is configured to use shared key or passphrase, set the Auth Type radio parameter to Shared. If the AP is configured for network EAP only, set the Auth Type radio parameter to LEAP. To use another encryption type, select WPA CCKM, WPA2 AES or WPA2 CCKM for encryption and complete other entries as detailed in this section. See Sign-On vs. Stored Credentials (page 6-48) for information on entering credentials. To use Stored Credentials, click on the Credentials button. No entries are necessary for Sign-On Credentials as the user will be prompted for the Username and Password when connecting to the network. Enter the Domain\Username (if the Domain is required), otherwise enter the Username. Enter the password. Click OK then click the Commit button. Ensure the correct Active Profile is selected on the Main tab and restart. The SCU Main tab shows the device is asso- ciated after the radio connects to the network.
6 - 59 EAP-FAST To use EAP-FAST, make sure the following profile options are used. Enter the SSID of the Access Point assigned to this profile EAP Type to EAP-FAST Encryption to WPA TKIP Auth Type to Open To use another encryption type, select WPA CCKM, WPA2 AES or WPA2 CCKM for encryption and complete other entries as detailed in this section. The SCU supports EAP-FAST with automatic or manual PAC provisioning. With automatic PAC provisioning, the user credentials, whether entered on the saved credentials screen or the sign on screen, are sent to the RADIUS server. The RADIUS server must have auto provisioning enabled to send the PAC provisioning credentials to the Thor VX9. For automatic PAC provisioning, once a username/password is authenticated, the PAC information is stored on the Thor VX9. The same username/password must be used to authenticate each time. See the note below for more details. For manual PAC provisioning, the PAC filename and Password must be entered. See Sign-On vs. Stored Credentials (page 6-48) for information on entering credentials. The entries on the Credentials screen are determined by the type of credentials (stored or sign on) and the type of PAC provisioning (automatic or manual). Click on the Credentials button. To use Stored Credentials, click on the Credentials button. No entries are necessary for Sign-On Credentials with automatic PAC provisioning as the user will be prompted for the Username and Password when connecting to the net- work. To use Sign-On credentials: Do not enter a User and Password as the user will be prompted for the Username and Password when connecting to the network. To use Stored Credentials:
6 - 60 Enter the Domain\Username (if the Domain is required), otherwise enter the Username. Enter the password. To use Automatic PAC Provisioning: No additional entries are required. To use manual PAC Provisioning: Enter the PAC Filename and PAC Password. The PAC file must be copied to the directory specified in the Certs Path global variable. The PAC file must not be read only. Ta p OK then click the Commit button. Ensure the correct Active Profile is selected on the Main tab and restart. The SCU Main tab shows the device is asso- ciated after the radio connects to the network. Note: When using Automatic PAC Provisioning, once authenticated, there is a file stored in the \Program Files\Summit\cert folder with the PAC credentials. If the username is changed, that file must be deleted. The filename is autoP.00.pac.
6 - 61 EAP-TLS To use EAP-TLS, make sure the following profile options are used. Enter the SSID of the Access Point assigned to this profile EAP Type to EAP-TLS Encryption to WPA TKIP Auth Type to Open To use another encryption type, select WPA CCKM, WPA2 AES or WPA2 CCKM for encryption and complete other entries as detailed in this section. See Sign-On vs. Stored Credentials (page 6-48) for information on entering credentials. Click the Credentials button. No entries except the User Certificate Filename and the CA Certificate Filename are necessary for Sign-On Credentials as the user will be prompted for the User Name when connecting to the network. For Stored Credentials, User Certificate Filename and the CA Certificate Filename must be entered. Enter these items as directed below. Enter the Domain\Username (if the Domain is required), otherwise enter the Username. Select a user certificate from the Windows certificate store. Use the Browse button to locate the User Cert from the certificate store. Highlight the desired certificate and press the Select button. The name of the certificate is displayed in the User Cert box. Some versions of the SCU require a User Cert password. If this entry field is present, enter the password for the user certificate in the User Cert pwd box. If there are no user certificates in the Windows certificate store, follow these instructions for Generate a User Certificate (page 6-68) and Install a User Certificate (page 6-70). See Windows Certificate Store vs. Certs Path (page 6-50) for more information on certificate storage. Check the Validate server checkbox.
6 - 62 If using the Windows certificate store: Check the Use MS store checkbox. The default is to use the Full Trusted Store. To select an individual certificate, click on the Browse button. Uncheck the Use full trusted store checkbox. Select the desired certificate and click Select. You are returned to the Credentials screen. If using the Certs Path option: Leave the Use MS store box unchecked. Enter the certificate filename in the CA Cert textbox. Click OK then click Commit. The Thor VX9 should be authenticating the server certificate and using EAP-TLS for the user authentication. Ensure the correct Active Profile is selected on the Main tab and restart. The SCU Main tab shows the device is asso- ciated after the radio connects to the network. Note: The date must be properly set on the device to authenticate a certificate.
6 - 63 WPA PSK To connect using WPA/PSK, make sure the following profile options are used: Enter the SSID of the Access Point assigned to this profile EAP Type to None Encryption to WPA PSK or WPA2 PSK Auth Type to Open Click the WEP keys/PSKs button. This value can be 64 hex characters or an 8 to 63 byte ASCII value. Enter the key and click OK. Once configured, click the Commit button. Ensure the correct Active Profile is selected on the Main tab and restart. The SCU Main tab shows the device is asso- ciated after the radio connects to the network.
6 - 64 Certificates Note: Please refer to the Security Primer to prepare the Authentication Server and Access Point for communication. Note: It is important that all dates are correct on the Thor VX9 and host computers when using any type of certificate. Certificates are date sensitive and if the date is not correct authentication will fail. Root Certificates are necessary for EAP-TLS, PEAP/GTC and PEAP/MSCHAP. 1.Generate a Root CA Certificate (page 6-64) either from the Thor VX9 or from a PC. 2. If a PC was used to request the certificate, copy the certificate to the Thor VX9. 3.Install a Root CA Certificate (page 6-66). User Certificates are necessary for EAP-TLS 1.Generate a User Certificate (page 6-68)either from the Thor VX9 or from a PC. 2. If a PC was used to request the certificate, Export a User Certificate (page 6-70) and copy the certificate to the Thor VX9. 3.Install a User Certificate (page 6-70). Generate a Root CA Certificate Note: It is important that all dates are correct on the Thor VX9 and host computers when using any type of certificate. Certificates are date sensitive and if the date is not correct authentication will fail. The easiest way to get the root CA certificate is to use a browser on a PC to navigate to the Certificate Authority. To request the root CA certificate, open a browser to http:///certsrv. Sign into the CA with any valid username and password.If using the Windows Certificate Store, the Windows Account must have a password. The password cannot be left blank. The Summit Client Utility uses the Windows user account credentials to access the Certificate Store. The Windows user account credentials need not be the same as the wireless credentials entered in the Summit Client Utility. It may be necessary to use a PC to request the certificate for devices with a Windows 7 operating system. !
6 - 65 Click the Download a CA certificate, certificate chain or CRL link. Make sure the correct root CA certificate is selected in the list box. Click the DER button. To download the CA certificate, click on the Download CA certificate link.
6 - 66 Click the Save button and save the certificate. Make sure to keep track of the name and location of the certificate. The certificate is now ready to install on the Thor VX9. Install a Root CA Certificate Note: This section is only if the Windows certificate store is used. If the certificate store is not used, copy the certificate to the C:\Program Files\Summit\certs folder or other path specified in the Summit Certs global parameter. Copy the certificate file to the Thor VX9. The certificate file has a .CER extension. Locate the file and double-click on it. Follow the Certificate Wizard instructions below. Troubleshooting: If the Certificate Wizard does not start automatically when you double-tap the certificate .CER file, follow the Manual Launch instructions below. For Windows 7, If presented with a security warning, confirm that you want to open the file.