
Technical Description

Communication for the open minded

Siemens Enterprise Communications www.siemens-enterprise.com

Version: 1.01

Date: 2009-05-26

OpenScale Baseline Security Office

Siemens Enterprise Communications GmbH & Co. KG

DLS - Certificate Management for 802.1x/EAP-TLS


1 Abstract

This Technical Description provides:

• An overview of the concept of how the DLS (Deployment Service) manages certificates, in general and in particular for use by VoIP phones in 802.1x-enabled networks. The focus is on OpenStage phones, but the description applies similarly to optiPoint 410/420 and optiPoint WL2 Professional.

• Direct references to the relevant configuration screens in DLS

The description is based on the currently released version DLS V2 R4. Further information and more details can be found in the associated documentation:

/1/ White Paper: Layer 2 authentication on VoIP phones (802.1x)
http://wiki.siemens-enterprise.com/images/c/cb/Layer_2_authentication_on_VoIP_phones_(802.1x).pdf

/2/ Administration Manual: IEEE 802.1x Configuration Management http://wiki.siemens-enterprise.com/images/2/23/IEEE_802.1X_Configuration_Management.pdf

/3/ Slide set "DLS at a Glance" http://wiki.siemens-enterprise.com/images/f/f7/Deployment-Service-at-a-Glance.pdf

/4/ Administration Manual: Deployment Service
The most up-to-date version is part of the DLS delivery; find it on CD – or after installation in the DLS installation folder. The file name is: doc\Deployment-Service_en.pdf

/5/ Interface Documentation: DlsAPI (WebServices Interface of DLS)
The most up-to-date version is part of the DLS delivery; find it on CD – or after installation in the DLS installation folder. The file name is: api\doc\index.html

1.1 History of Change

Date Version What

2009-05-20 1.00 Initial release by SB; input from UG,EN, KN, MP

2009-05-26 1.01 Added comments from MM, MP


1.2 Contents

1 Abstract 2
   1.1 History of Change 2
   1.2 Contents 3

2 Overview and General Concept 4
   2.1 Deployment Service (DLS) at a Glance 4
   2.2 Certificate Management in DLS 4
      2.2.1 Certificates for Various Purposes 4
      2.2.2 Types of Certificates Managed by DLS 4
   2.3 802.1x Specifics 5
      2.3.1 802.1x Overview 5
      2.3.2 The 802.1x Device Certificate 6
      2.3.3 The Enterprise Server CA Certificate 6
      2.3.4 A Second Enterprise Server CA Certificate 7

3 Configuration in DLS 8
   3.1 Import and Deployment of Certificates via DLS 8
      3.1.1 Overview 8
      3.1.2 Screen "IEEE 802.1x" 8
      3.1.3 "Import Certificate" - Dialog 10
      3.1.4 "Remove Certificate" - Dialog 12
      3.1.5 "Import Certificate for Template" - Dialog 13
      3.1.6 "Remove Certificate from Template" - Dialog 14
      3.1.7 "Apply Template" 15
   3.2 Automatic Deployment of the Root CA Certificate 15
      3.2.1 Overview 15
      3.2.2 Step-by-Step 16
      3.2.3 Automatic Deployment of PSEs (Phone Certificates) 16
   3.3 Monitor Lifetime of Certificates 17
      3.3.1 Capabilities in the DLS GUI 17
      3.3.2 DLS Alarm Configuration 17

4 Outlook to DlsAPI Capabilities 18

5 Terms and Abbreviations 19
   5.1 Abbreviations 19
   5.2 Terms 19


2 Overview and General Concept

2.1 Deployment Service (DLS) at a Glance

Refer to the slide set in /3/ for a quick overview of DLS itself, plus the particular features used in the context of this document: http://wiki.siemens-enterprise.com/images/f/f7/Deployment-Service-at-a-Glance.pdf

2.2 Certificate Management in DLS

2.2.1 Certificates for Various Purposes

Electronic certificates are used for various authentication purposes by the IP devices managed by DLS. This includes:

• Certificates for use in 802.1x-enabled network access (EAP-TLS)

• Certificates for use in secure voice communication (TLS for signalling, SRTP for payload)

• Certificates for use by the IP devices' integrated web server (https)

• Certificates for other purposes, to ensure authenticated and encrypted communication with applications, directories etc.

Note that this document does not cover certificates used by DLS for its own purposes, i.e. for securing its own interfaces, such as the DLS' own WebService interfaces (GUI and DlsAPI) and the interface with the managed IP devices (WPI).

Independence of certificates:
By design, the certificates used for the various purposes are identified and configured independently, in both the DLS and the managed IP device. This means that, if a customer wants to use the same certificate for two different purposes (e.g. the CA certificate that authenticates a RADIUS server in 802.1x is to be used for the authentication of an LDAPS server as well), he/she needs to configure and maintain it twice. Although this generates some configuration overhead, customers and administrators benefit from full flexibility: they are able to implement certificate management procedures and policies individually per purpose, without restrictions caused by "built-in" dependencies.

2.2.2 Types of Certificates Managed by DLS

In general, DLS does not provide a CA of its own, but transparently deploys the certificates issued by a separate CA (the customer's Enterprise PKI) to the managed IP devices. The only exception is the DLS feature "Automatic SPE Configuration", as described in /2/ /4/, chapter 6.10. This feature creates a DLS-internal CA and associated certificates and deploys them for the activation of Signalling and Payload Encryption in HiPath 4000 / HiPath 3000 networks. The use of this feature is recommended only for customers that do not have, or do not want to use, their own PKI to issue certificates, but want to use VoIP encryption anyway.

There is a significant commonality among the various purposes for which certificates are used: they all make use of the TLS protocol, either with authentication of the server by the client only, or with mutual authentication (MTLS), where the server authenticates the client as well. All certificates have to be in the ITU-T standard X.509 V3 format (according to RFC 5280). Different properties and limitations apply to the individual uses of certificates. However, these properties are transparent to DLS, thus the DLS will accept any certificate that conforms to the X.509 V3 specification. In total, there are only two different types of certificates relevant for being managed by DLS and deployed to the IP devices:

• "PSE": used by the device to prove its own identity to its communication partner. Contains the private key and the public key, plus a certificate chain up to (but excluding) the root CA. The DLS requires the PSE to be available in a PKCS#12-formatted (passphrase-protected) file. Common file extensions are .p12 or .pfx. To manage PSEs for a huge list of devices it is convenient to create them

   o using the same passphrase and

   o naming the files according to their device ID (for IP phones, the device ID is their 6-byte MAC address in the format aabbccddeeff).

   For details see chapter 3.1 below.

• "CA Certificate": used by the device to authenticate its communication partner. Contains the public key of the CA. The DLS requires the CA Certificate to be available in DER format or PEM format (i.e. Base64-encoded DER). Common file extensions are .cer, .crt or .pem.

2.3 802.1x Specifics

2.3.1 802.1x Overview

802.1x authenticates a device (PC, printer, VoIP phone etc.) to the corporate IP network and allows the access switch (to which the device is attached) to enforce an access control policy. For more information on 802.1x see /1/ (which also contains further links) and /2/.

The access switch itself hands over the authentication process to a RADIUS server, which is specialized in authentication and authorization functionalities. The authentication between the device and the RADIUS server is based on the EAP protocol. EAP supports many different authentication methods. The authentication method supported by all SEN phones is EAP-TLS. EAP-TLS is based on electronic certificates (format X.509v3), and MTLS (mutually authenticated TLS) is used between the network device and the RADIUS server. This means that:

• the client (here: the VoIP phone/workpoint) authenticates the server,

• and the server (here: the RADIUS server) authenticates the client,

• both by using certificates and the associated private keys.


Figure 1: 802.1x with PKI in operation

Thus, two different certificates are required for DLS to enable an IP device for EAP-TLS:

2.3.2 The 802.1x Device Certificate

In DLS, this is called the "Phone Certificate" in the IEEE 802.1x configuration screens and is of type "PSE". The following picture outlines its context:

Figure 2: Use of PSEs in 802.1x

2.3.3 The Enterprise Server CA Certificate

In DLS, this is called the "RADIUS Server CA Certificate 1" in the IEEE 802.1x configuration screens and is of type "CA Certificate".


The following picture outlines its context:

Figure 3: Use of CA certificates in 802.1x

2.3.4 A Second Enterprise Server CA Certificate

OpenStage phones also support a second Enterprise Server CA certificate, called the "RADIUS Server CA Certificate 2". During the EAP-TLS authentication process, the phones accept RADIUS servers with a valid certificate issued by either CA. This may be used if two different CAs are active in the enterprise network. If the CA is to be changed (e.g. the current CA certificate is going to expire), the following process allows a smooth changeover to the new CA:

1. Create the new CA and export the new CA certificate as a PEM or CER file.

2. Import the new CA certificate into DLS.

3. Deploy it to all phones as the additional CA certificate; from now on, phones accept all RADIUS servers with a PSE issued either by the old or by the new CA.

4. Exchange the PSE on the RADIUS servers.

5. When the exchange is done: remove the old CA certificate from the phones (in DLS: deployment of an empty RADIUS Server CA certificate); from now on, phones accept RADIUS servers with a PSE issued by the new CA only.


3 Configuration in DLS

3.1 Import and Deployment of Certificates via DLS

3.1.1 Overview

This chapter describes the capabilities of the DLS GUI to import certificates into DLS and to deploy ("activate") them to the associated IP devices. Further information on this can be found in /4/, chapters 7.1.23 and 16.12.

Starting with V2 R4, DLS provides a new feature that allows for automatic deployment of certificates which are common to all or a subset of IP devices. See chapter 3.2 below.

In general, the handling of certificates via the DLS GUI is based on the same principles and features that are also used for other device configuration parameters and objects. This applies especially to the search, sort and save capabilities as well as to the use of templates, device profiles and plug and play. If you are not yet familiar with the DLS GUI, refer to /4/, chapter 5 for a general DLS GUI overview, and to chapter 15.4 for the use of templates. The following description focuses on the administration steps that are specific to the management of certificates. Certificates can be imported in several ways:

1. import a certificate for a single device
2. import a certificate for multiple devices (bulk import)
3. import an individual certificate for a single device
4. import individual certificates for multiple devices (bulk import)
5. import a certificate into a template for later use
6. apply a template for a single device
7. apply a template for multiple devices (bulk)

Accordingly, certificates can also be removed:

1. remove a certificate from a single device
2. remove certificates from several devices (bulk remove)
3. remove a certificate from a template

These actions are explained in detail using the IEEE 802.1x screen as an example.

3.1.2 Screen "IEEE 802.1x"

There are 3 similar tab sheets to handle…

• Phone Certificate:

   • mandatory certificate, used for the phone's own authentication (see 2.3.2)

• Radius Server CA Certificate 1 and Radius Server CA Certificate 2:

   • one CA certificate is mandatory, used by the phone to authenticate the server (see 2.3.3)

   • the second CA certificate is optional; for its purpose refer to 2.3.4

Each tab shows certificate-specific information for both an "Active certificate", i.e. the certificate already activated in the device, and an "Imported certificate", i.e. the certificate currently imported into DLS for the selected device(s).

Figure 4: IEEE 802.1x configuration screen

Status Active/Import:

• The status is set automatically after a certificate import (or remove) or after a read from a device, depending on whether a certificate is imported and/or exists in the device and whether these certificates differ.

• Values: "no certificate", "different", "equal", "no active certificate" or "no imported certificate".

Serial number / Owner / Issuer / Valid from / Valid to / Fingerprint (SHA1) / Expires in … / Alarm Status:

• Detailed information of a certificate. These values are read-only and only for use in the search view.

Activate Certificate (Phone) / (Radius 1) / (Radius 2):

• If checked, the imported certificate is activated automatically when the record is saved. Afterwards the box is reset to unchecked.


GENERAL:

• The buttons "Import Certificate" and "Remove Certificate" are shown in the object view only. Pressing "Import Certificate" opens a dialog mask to enter more details.

3.1.3 "Import Certificate" - Dialog

Figure 5: "Import Certificate" - Dialog

Device ID:

• Shows the device ID (either MAC address or e164 number) for the selected device. This field is not editable.

Certificate Type:

• The IEEE 802.1x screen supports the import of 3 different certificate types. The radio buttons are initialized depending on the currently used tab sheet of the IEEE 802.1x screen.

• For the certificate type "Phone Certificate" the input of "Filename" and "Passphrase" is mandatory. For the RADIUS certificates only "Filename" is necessary.

Individual certificate files ... :

• If checked, the selected object(s) will get individual certificates instead of the same certificate for all objects.


• Individual certificates are assigned using a fixed filename format (see "Certificate File Names based on…").

• For individual certificates a directory must be specified instead of a filename; the individual files are located in that directory.

• If unchecked, the radio buttons for "Certificate File Names based on…" are not available.

Certificate File Names based on ... :

• Radio buttons to define whether the filename for individual certificates is based on the object's MAC address or e164 number.

• The message box shows the corresponding sample filename, e.g. 0001E3261E01.p12 based on the MAC address, or 498972212345.p12 based on the e164 number.

Import certificate to DLS and activate on device (1-step):

• Option to import the certificate not only into the DLS database, but additionally activate this certificate on the device within one step. Thus the user does not have to activate the certificate in a further step.

Filename / Directory:

• If "Individual certificate files …" is unchecked, a filename is expected, otherwise a directory where the individual files are located.

• Filename/Directory can be specified directly, or by using the "Browse" button.

• Allowed file formats are specified in the file browser automatically: PKCS#12 format for the phone certificate or PEM for the RADIUS certificates.

Browse Button:

• Opens a file browser dialog with a filter on the relevant file types for PEM or PKCS#12 format.

Passphrase:

• Mandatory for "Phone Certificate" (PKCS#12 format), otherwise not editable.

OK:

• The specified certificate will be imported for the current object.

Cancel:

• Cancels the import operation for the current object. In case of a bulk import, the import proceeds with the next object.

Apply to all:

• This button only appears in case of a bulk import (if more than 1 object is left).

• If pressed once, a confirmation message appears and the user has to confirm by pressing it again. Only then is the certificate imported to all marked objects.

Cancel all:

• This button only appears in case of a bulk import (if more than 1 object is left).

• All certificates imported up to then stay imported. For all remaining certificates the import operation is cancelled.

GENERAL:

• DLS verifies the input. Erroneous or missing input results in an error message in the message area.


• Accepted input is stored for later use of this dialog window (within the same session).

• "Cancel" or erroneous processing causes an error message in the IEEE 802.1x screen.

• After an import a refresh of the IEEE 802.1x screen is done (unless an error message is to be displayed).
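The file-name rule, the PEM/DER requirement and the "Status Active/Import" values described in the two preceding sections can be illustrated in code. The following Python script is an added example written for this page; it is not DLS code or anything published by Siemens Enterprise Communications. It derives the individual file name from a device ID (MAC address or e164 number), normalises a CA certificate supplied as PEM (Base64-encoded DER) or raw DER to DER, computes the colon-separated SHA1 fingerprint the IEEE 802.1x screen shows, and derives the status value for one tab sheet from the active and imported certificates. The function names, the ".pem" extension for RADIUS CA files and the placeholder certificate bytes are assumptions; the sample bytes are constructed and are not real certificates.

```python
"""Added example (not DLS code): file-name derivation, PEM/DER normalisation,
SHA1 fingerprint and the 'Status Active/Import' value for one certificate slot."""
import base64
import hashlib
import re
from typing import Optional

# File extension per certificate type. The .p12 sample names come from the dialog
# text; using .pem for the RADIUS CA certificate files is an assumption.
EXTENSIONS = {
    "Phone Certificate": ".p12",
    "RADIUS Server CA Certificate 1": ".pem",
    "RADIUS Server CA Certificate 2": ".pem",
}


def individual_filename(device_id: str, basis: str, cert_type: str = "Phone Certificate") -> str:
    """File name for an individual certificate, based on the MAC address
    (12 hex digits, separators tolerated) or on the e164 number."""
    if basis == "mac":
        stem = re.sub(r"[^0-9A-Fa-f]", "", device_id).upper()
        if len(stem) != 12:
            raise ValueError(f"not a 6-byte MAC address: {device_id!r}")
    elif basis == "e164":
        stem = device_id.lstrip("+")
        if not stem.isdigit():
            raise ValueError(f"not an e164 number: {device_id!r}")
    else:
        raise ValueError(f"unknown naming basis: {basis!r}")
    return stem + EXTENSIONS[cert_type]


PEM_BLOCK = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def normalize_to_der(data: bytes) -> bytes:
    """Accept a CA certificate as PEM (Base64-encoded DER) or raw DER and return DER."""
    m = PEM_BLOCK.search(data)
    der = base64.b64decode(b"".join(m.group(1).split()), validate=True) if m else data
    if not der or der[0] != 0x30:          # every X.509 certificate is an ASN.1 SEQUENCE
        raise ValueError("input is neither a PEM certificate block nor DER")
    return der


def fingerprint_sha1(der: bytes) -> str:
    """SHA1 over the DER bytes, shown as colon-separated upper-case hex pairs."""
    hexdigest = hashlib.sha1(der).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


def import_status(active: Optional[bytes], imported: Optional[bytes]) -> str:
    """The 'Status Active/Import' value for one tab sheet, given the certificate
    active on the device and the one imported into DLS (None = not present)."""
    if active is None and imported is None:
        return "no certificate"
    if active is None:
        return "no active certificate"
    if imported is None:
        return "no imported certificate"
    # Compare fingerprints of the normalised DER, so the same certificate supplied
    # once as PEM and once as DER still counts as "equal".
    same = fingerprint_sha1(normalize_to_der(active)) == fingerprint_sha1(normalize_to_der(imported))
    return "equal" if same else "different"


# Constructed placeholder bytes standing in for certificates; not real certificates,
# only the leading SEQUENCE tag is needed by normalize_to_der().
SAMPLE_DER = bytes([0x30, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01])
OTHER_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x07])
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(individual_filename("00:01:e3:26:1e:01", "mac"))          # 0001E3261E01.p12
    print(individual_filename("498972212345", "e164"))               # 498972212345.p12
    print(fingerprint_sha1(normalize_to_der(SAMPLE_PEM)))
    for active, imported in [(None, None), (SAMPLE_DER, SAMPLE_PEM), (SAMPLE_DER, OTHER_DER),
                             (None, SAMPLE_DER), (SAMPLE_DER, None)]:
        print(import_status(active, imported))
```

Comparing by fingerprint of the normalised DER rather than by raw file bytes is the point of the status function: the same CA certificate re-imported as .pem after an earlier .cer import must report "equal", not "different", otherwise an administrator would re-activate certificates needlessly on every phone.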

3.1.4 "Remove Certificate" - Dialog

Figure 6: "Remove Certificate" - Dialog

Device ID:

• Shows the device ID (either MAC address or e164 number) for the selected device. This field is not editable.

Certificate Type:

• The IEEE 802.1x screen supports 3 different certificate types. The radio buttons are initialized depending on the currently used tab sheet of the IEEE 802.1x screen.

Remove certificate from DLS and device (1-step):

• Option to remove the certificate not only from the DLS database, but additionally remove it from the device within one step. Thus the user does not have to activate the "empty" certificate in a further step.

OK:

• The specified certificate will be removed for the current object.

Cancel:

• Cancels the remove operation for the current object. In case of a bulk remove, the remove proceeds with the next object.


Apply to all:

• This button only appears in case of a bulk remove (if more than 1 object is left).

• If pressed once, a confirmation message appears and the user has to confirm by pressing it again. Only then is the certificate removed for all marked objects.

Cancel all:

• This button only appears in case of a bulk remove (if more than 1 object is left).

• All certificates removed up to then remain removed. For all remaining certificates the remove operation is cancelled.

GENERAL:

• After the remove operation a refresh of the IEEE 802.1x screen is done (unless an error message is to be displayed).

3.1.5 "Import Certificate for Template" - Dialog

There are several ways to get a certificate into a template:

1. from scratch:
   i. go to template view
   ii. import a certificate
   iii. save the template as a new one

2. import a certificate into an existing template:
   i. go to template view
   ii. load an existing template (button "Get")
   iii. import a certificate
   iv. save the template

3. derive a template from an existing device containing a certificate:
   i. go to search view
   ii. select a device
   iii. save as template

For variants 1 and 2 the "Import Certificate for Template" dialog appears.


Figure 7: "Import Certificate for Template" - Dialog

Template:

• If a template is built from scratch, the template name is unknown.

• If it is derived from an existing device, the name is derived from its device ID.

• The field is not editable.

All other fields and buttons:

• The functionality of all other fields and buttons is essentially the same as for the normal "Import" scenario. Please refer to the respective description above.

GENERAL:

• There is no individual import for templates. That is obvious, since at this time neither a MAC address nor an e164 number is known.

• There is no 1-step option, since the certificate is not activated at this moment.

• After importing a certificate for a template, the certificate is created and known to DLS. But it is not referenced by the template unless the template itself is saved, so do not forget to save the template.

3.1.6 "Remove Certificate from Template" - Dialog


Figure 8: "Remove Certificate from Template" - Dialog

All fields and buttons:

• The functionality of all fields and buttons is essentially the same as for the normal "Remove" scenario. Please refer to the respective description above.

• There is no 1-step option either.

GENERAL:

• To make the template know about the removed certificate, do not forget to save the template itself.

3.1.7 "Apply Template"

… is a standard operation in DLS. There is no special handling for certificates. The procedure is as follows:

1. go to template view
2. load template
3. go to object view (or table view for bulk operation)
4. select Action -> Apply Template

… and do not forget to save the object.

3.2 Automatic Deployment of the Root CA Certificate

3.2.1 Overview

Starting with V2 R4, DLS provides a new feature that allows for automatic deployment of certificates which are common to all or a subset of IP devices. This usually applies to all CA certificates, as they belong to the Enterprise PKI's issuing CA and are therefore identical for all purposes.


In the 802.1x context, this feature automates the provisioning of the RADIUS Server CA Certificate(s) to the IP devices. First refer to /3/ to get an overview of the Auto-Configuration principles of DLS.

More configuration details can be found in /4/, chapters 6.2.1 and 6.11.

Figure 9: New dialog in DLS V2 R4 – Automatic Certificate Deployment

3.2.2 Step-by-Step

The basic administration steps to achieve automatic certificate deployment are:

1. Optionally configure customer-specific locations or use the "Default Location" (-> the follow-up steps then apply to all IP devices).

2. Create a Certificate Deployment Task.

3. Assign it to an existing location and specify the deploy date.

4. Specify the certificate type (e.g. RADIUS Server CA Certificate 1) to be used and import the corresponding certificate for automatic deployment.

The certificate deployment (activation) will be done automatically starting at the specified date and time and takes effect for all IP devices (that support the specified certificate type).

Similar to the automatic SW deployment (i.e. the automatic update of IP devices with new SW images), deployment restrictions can be specified to prevent the automatic deployment from taking effect at undesired times (e.g. during working hours).

3.2.3 Automatic Deployment of PSEs (Phone Certificates)

The Automatic Certificate Deployment is preferably used to deploy CA certificates, as the same certificate is configured for all affected IP devices. However, it can optionally also be used for the 802.1x phone certificates, which are of type PSE. Although an individual PSE is intended to be used by a single device only, DLS does not place a restriction here.


Provided that the Enterprise PKI does not dictate the use of individual PSEs, e.g. bound to their MAC address, this approach can be used for full automation of 802.1x certificate handling. The disadvantages of this approach are obvious, especially the inability to revoke an individual device's certificate: it is not possible to exclude e.g. broken, stolen or lost devices from valid authentication to the 802.1x network.

3.3 Monitor Lifetime of Certificates

3.3.1 Capabilities in the DLS GUI

DLS extracts all attributes of the certificates it manages and stores them as separate data in its database. This allows the administrator to apply all DLS GUI functions to particular certificate properties, as if they were common configuration parameters. That way, an administrator can for example easily select all or a defined set of devices, and sort them according to the days until a particular certificate expires. Thus, he/she may get a quick overview of the devices where a replacement of the certificate becomes necessary.

3.3.2 DLS Alarm Configuration

DLS includes alarming capabilities that can be used to inform administrators or monitoring / fault management systems about important events that happen during (unattended) operation of the DLS server. Various alarm classes (events) are defined; among them is the impending Certificate Expiration. For this event you may specify the number of days before a certificate expires at which to get warned (e.g. 14 days), and the time period at which this check is automatically repeated by DLS (e.g. daily). Three methods are offered for informing the administrators or monitoring systems; they can be activated in parallel:

• SNMP Trap

• SMTP Email

• A command file (.bat on the DLS server) from which any customized application can be started. This may lead to the creation of an SMS, distribute the event to various applications etc.

The configuration capabilities are described in detail in /4/, chapters 6.2.1 and 6.11.
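Section 3.3 states that DLS extracts the attributes of every managed certificate into its database and warns a configurable number of days before "Valid to". The following Python script is an added example, not DLS code: a minimal DER walker that reads the serial number and validity period out of an X.509 certificate (the TBSCertificate field order of RFC 5280, with UTCTime and GeneralizedTime handled as that RFC requires), followed by the expiry check over a set of device records. The certificates it parses are constructed, unsigned stand-ins that the script builds itself; the record layout, the function names, the 14-day threshold and the 2009-05-26 check date are assumptions.

```python
"""Added example (not DLS code): read serial and validity from a DER X.509
certificate and run an expiry check like the one in section 3.3."""
from datetime import datetime, timezone
from typing import List, Tuple

# ---- minimal DER (X.690) encoder/decoder, enough for the TBSCertificate prefix ----

def der(tag: int, content: bytes) -> bytes:
    """Encode one TLV; lengths below 128 use the short form, larger ones the long form."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def der_int(value: int) -> bytes:
    """Encode an INTEGER; the extra bit keeps a leading 0x00 when the top bit would be set."""
    return der(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big", signed=True))


def parse_tlv(buf: bytes, off: int = 0) -> Tuple[int, bytes, int]:
    """Decode the (single-byte-tag) TLV at buf[off:]; return (tag, content, next offset)."""
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[off + 2:off + 2 + nbytes], "big")
        hdr = 2 + nbytes
    end = off + hdr + length
    if end > len(buf):
        raise ValueError("DER length runs past the end of the buffer")
    return tag, buf[off + hdr:end], end


def children(content: bytes) -> List[Tuple[int, bytes]]:
    """Split a constructed element's content into its (tag, content) members."""
    out, off = [], 0
    while off < len(content):
        tag, body, off = parse_tlv(content, off)
        out.append((tag, body))
    return out


def parse_time(tag: int, body: bytes) -> datetime:
    """UTCTime (0x17, YYMMDDHHMMSSZ; YY >= 50 means 19YY) or GeneralizedTime
    (0x18, YYYYMMDDHHMMSSZ), interpreted as RFC 5280 requires."""
    s = body.decode("ascii")
    if tag == 0x17:
        s = ("19" if int(s[:2]) >= 50 else "20") + s
    elif tag != 0x18:
        raise ValueError(f"unexpected time tag 0x{tag:02x}")
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def certificate_validity(cert_der: bytes) -> Tuple[int, datetime, datetime]:
    """Return (serial number, not_before, not_after) of a DER-encoded certificate."""
    tag, cert, _ = parse_tlv(cert_der)
    if tag != 0x30:
        raise ValueError("certificate is not an ASN.1 SEQUENCE")
    fields = children(children(cert)[0][1])      # TBSCertificate members
    if fields[0][0] == 0xA0:                      # optional [0] EXPLICIT version
        fields = fields[1:]
    serial = int.from_bytes(fields[0][1], "big", signed=True)
    # fields[1] signature algorithm, fields[2] issuer, fields[3] validity
    (nb_tag, nb), (na_tag, na) = children(fields[3][1])
    return serial, parse_time(nb_tag, nb), parse_time(na_tag, na)

# ---- constructed test data: structurally valid but unsigned stand-in certificates ----

def constructed_certificate(serial: int, not_before: str, not_after: str) -> bytes:
    """Build a placeholder certificate (constructed, never signed, not usable for TLS)."""
    cn = der(0x30, der(0x06, b"\x55\x04\x03") + der(0x13, b"Example RADIUS CA"))
    name = der(0x30, der(0x31, cn))                          # Name = SEQUENCE OF SET OF AVA
    alg = der(0x30, der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))  # sha256WithRSA
    validity = der(0x30, der(0x17, not_before.encode()) + der(0x17, not_after.encode()))
    spki = der(0x30, alg + der(0x03, b"\x00"))
    tbs = der(0x30, der(0xA0, der_int(2)) + der_int(serial) + alg + name + validity + name + spki)
    return der(0x30, tbs + alg + der(0x03, b"\x00"))


# Constructed device records: (device ID, certificate type, certificate).
DEVICES = [
    ("0001E3261E01", "Phone Certificate", constructed_certificate(0x1001, "090101000000Z", "090701000000Z")),
    ("0001E3261E02", "Phone Certificate", constructed_certificate(0x1002, "090101000000Z", "100101000000Z")),
    ("0001E3261E03", "Phone Certificate", constructed_certificate(0x1003, "080101000000Z", "090501000000Z")),
    ("0001E3261E04", "RADIUS Server CA Certificate 1", constructed_certificate(0x0A, "080101000000Z", "090601000000Z")),
]
CHECK_DATE = datetime(2009, 5, 26, tzinfo=timezone.utc)   # assumed date of the daily check


def expiry_report(records, check_date: datetime, warn_days: int) -> List[dict]:
    """Sort devices by days until 'Valid to' and set an alarm state per record."""
    rows = []
    for device_id, cert_type, cert_der in records:
        serial, _, not_after = certificate_validity(cert_der)
        days_left = (not_after - check_date).days
        alarm = "expired" if days_left < 0 else "expiring" if days_left <= warn_days else "ok"
        rows.append({"device": device_id, "type": cert_type, "serial": serial,
                     "valid_to": not_after, "expires_in": days_left, "alarm": alarm})
    return sorted(rows, key=lambda r: r["expires_in"])


if __name__ == "__main__":
    for row in expiry_report(DEVICES, CHECK_DATE, warn_days=14):
        print(f"{row['device']}  {row['type']:<32} expires in {row['expires_in']:>4} days  {row['alarm']}")
```

The parser stops after the validity field because that is all the check needs; the same walker can be extended to issuer, subject and extensions, but it performs no signature verification, so it must only be applied to certificates that have already been accepted into the trust store.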


4 Outlook to DlsAPI Capabilities

Refer to /3/ and to /4/, chapter 16.10 for a first overview of the DlsAPI.

/5/ contains the DlsAPI interface documentation.

Starting with DLS V2 R4, the DlsAPI v200 adds a new Area of Concern "802.1x". It provides the necessary configuration items (parameters) to add/modify/delete/query the certificates to be used for 802.1x for selected IP devices. A certificate lifecycle middleware between the DLS and the Enterprise PKI could therefore be implemented to automate the lifecycle of device certificates being issued for and used by the IP devices. Note however that there is no reference implementation or proof of concept available yet.

Figure 10: Possible Certificate Lifecycle Management for 802.1x


5 Terms and Abbreviations

5.1 Abbreviations

CA – Certification Authority
DLS – Deployment Service
EAP – Extensible Authentication Protocol
EAP-TLS – EAP with TLS authentication method
GUI – Graphical User Interface
HFA – HiPath Feature Access (SEN proprietary signaling protocol)
HTTP – Hypertext Transfer Protocol
HTTPS – Hypertext Transfer Protocol Secure (HTTP over TLS)
LDAP – Lightweight Directory Access Protocol
LDAPS – Lightweight Directory Access Protocol Secure (LDAP over TLS)
MG – Media Gateway
MGCP – Media Gateway Control Protocol
MTLS – Mutual TLS Authentication
OCSP – Online Certificate Status Protocol
OSC – OpenScape
PKCS – Public Key Cryptography Standards
PKI – Public Key Infrastructure
PSE – Personal Security Environment
RADIUS – Remote Authentication Dial-In User Service
RTP – Real-Time Transport Protocol
SEN – Siemens Enterprise Communications
SIP – Session Initiation Protocol
SPE – Signaling & Payload Encryption
SRTP – Secure Real-Time Transport Protocol
TLS – Transport Layer Security
UC – Unified Communication
WBM – Web based Management
WPI – WorkPoint Interface

5.2 Terms

EAP-TLS – EAP-Transport Layer Security or EAP-TLS, defined in RFC 5216, is an IETF open standard, and is well-supported among wireless vendors. The security of the TLS protocol is strong, as long as the certificate status is checked. It uses PKI to secure communication to the RADIUS authentication server.

PSE – Data structure including an asymmetric key pair (normally RSA keys) and the belonging electronic certificate. The certificates of the issuing CA and of the root CA can be included. A PSE can be stored on a token (smart card, secure USB token) or in a PKCS#12 file.

WPI – WorkPoint Interface – https/XML-based interface between DLS and its managed IP devices


© Siemens Enterprise Communications GmbH & Co. KG
Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee of Siemens AG
Status 03/2009

The information provided in this brochure contains merely general descriptions or characteristics of performance which in case of actual use do not always apply as described or which may change as a result of further development of the products. An obligation to provide the respective characteristics shall only exist if expressly agreed in the terms of contract. Availability and technical specifications are subject to change without notice. OpenScape, OpenStage and HiPath are registered trademarks of Siemens Enterprise Communications GmbH & Co. KG. All other company, brand, product and service names are trademarks or registered trademarks of their respective holders. Printed in Germany.

About Siemens Enterprise Communications Group (SEN Group)

The SEN Group is a premier provider of enterprise communications solutions. More than 14,000 employees in 80 countries carry on the tradition of voice and data excellence started more than 160 years ago with Werner von Siemens and the invention of the pointer telegraph. Today the company leads the market with its "Open Communications" approach that enables teams working within any IT infrastructure to improve productivity through a unified collaboration experience. SEN Group is a joint venture between the private equity firm, The Gores Group, and Siemens AG and incorporates Siemens Enterprise Communications, Enterasys Networks, SER Solutions, Cycos and iSEC.

For more information about Siemens Enterprise Communications, please visit www.siemens-enterprise.com