101R5900102 /11 ClickShare CX-20
5.18 LAN Settings, EAP-TLS security mode
About EAP-TLS
EAP-TLS (Transport Layer Security) is an EAP method based on certificates which allows mutual
authentication between client and server. It requires a PKI (Public Key Infrastructure) to distribute server and
client certificates. For some organizations this might be too big of a hurdle, for those cases EAP-TTLS and
PEAP provide good alternatives. Even though a X.509 client certificate is not strictly required by the standard
it is mandatory in most implementations including for ClickShare. When implemented using client certificates,
EAP-TLS is considered one of the most secure EAP methods. The only minor disadvantage, compared to
PEAP and EAP-TTLS, is that the user identity is transmitted in the clear before the actual TLS handshake is
performed. EAP-TLS is supported via SCEP or manual certificate upload.
How to setup EAP-TLS
1. Select Authentication Mode EAP-TLS.
Image 5–29 EAP-TLS
2. Fill out the Domain and Identity.
3. Select the certification method. Click on the drop down box and select the desired method.
• Manually provide Client & CA certificates
• Auto enrollment via SCEP
Manually providing certificates
1. Upload client certificate. Click on Choose file and browse to the desired file.
Allowed file formats:
• .pfx (PKCS#12)
• .p12 (Base64 encoded DER)
The should at least include the client certificate and corresponding private key.
2. Enter the Client certificate Password.
3. Upload CA certificate. Click on Choose file and browse to the desired file.
The following formats are allowed:
• .pem
• .cer
CX-20 Configurator
To Next Page
Loading...
Need help?
General
