Filter
Top Products
151
www.gateway.com
Obtaining a TLS-EAP certificate for a client
Wireless clients configured to use either “WPA with RADIUS” or “IEEE 802.1x” security
modes with an external RADIUS server that supports TLS-EAP certificates must obtain a
TLS certificate from the RADIUS server. This is an initial one-time step that must be
completed on each client that uses either of these modes with certificates. In this
procedure, we use the Microsoft Certificate Server as an example.
To obtain a certificate for a client, follow these steps.
1 Go to the following URL in a Web browser:
https://IPAddressOfServer/certsrv/
Where IPAddressOfServer is the IP address of your external RADIUS server or of the
Certificate Authority (CA), depending on the configuration of your infrastructure.
A security alert opens.
Important If you want to use IEEE 802.1x mode with EAP-TLS certificates for
authentication and authorization of clients, you must have an external
RADIUS server and a Public Key Authority Infrastructure (PKI),
including a Certificate Authority (CA), server configured on your
network. It is beyond the scope of this document to describe the
configuration of the RADIUS server, PKI, and CA server. Consult the
documentation for those products.
Some good starting points available on the Web for the Microsoft
Windows PKI software are: “How to Install/Uninstall a Public Key
Certificate Authority for Windows 2000" at
http://sup-port.microsoft.com/default.aspx?scid=kb;EN-US;231881
and “How to Configure a Certificate Server” at
http://support.microsoft.com/default.aspx?scid=kb;en-us;318710#3.