Filter
Top Products
180 AT-TQ2403 - Management Software - User's Guide
Obtaining a TLS-EAP Certificate for a Client
Note: If you want to use IEEE 802.1x mode with EAP-TLS certificates for authentication and
authorization
of clients, you must have an external RADIUS server and a Public Key Authority
Infrastructure (PKI), including a Certificate Authority (CA), server configured on your network.
It is beyond the scope of this document to describe these configuration of the RADIUS
server, PKI, and CA server. Consult the documentation for those products.
Some good starting points available on the Web for the Microsoft Windows PKI software
are: "How to Install/Uninstall a Public Key Certificate Authority for Windows 2000" at
http://support.microsoft.com/defau
lt.aspx?scid=kb;EN-US;231881
and How to Configure a Certificate Server at
http://support.microsoft.com/default.aspx?scid=kb;en-us;318710#3
Wireless clients configured to use either "WPA/WPA2 Enterprise (RADIUS)" or" IEEE 802.1x" security
modes with an external RADIUS server that supports TLS-EAP certificates must obtain a TLS certificate
from the RADIUS server.
This is an initial one-time step that must be completed on each client that uses either of these modes
with certificates. In this procedure, we use the Microsoft Certificate Server as an example.
To obtain a certificate for a client, follow these steps.
1. Go to the following URL in a Web browser:
https://IPAddressOfServer/certsrv/
Where IPAddressOfServer is the IP address of your external RADIUS server, or of the Certificate
Authority (CA), depending on the configuration of your infrastructure.
2. Click Yes to proceed to the secure Web page for the server.
Figure 81: Web Security Alert
The Welcome screen for the Certificate Server is displayed in the browser.