6. Web Interface
Image 6-26
Click Upload Client Certificate.
The client certificate you provide should be signed by the authoritative root CA in your domain and should be linked to the user you specify in the Identity field. Also, make sure that the client certificate you provide contains the private key – this is necessary to set up the TLS connection successfully.
ClickShare supports 2 formats for uploading a client certificate:
• PKCS#12 (.pfx) – An archive file format for storing multiple cryptography objects.
• Privacy Enhanced Mail (.pem) – A Base64 encoded DER certificate stored between 2 tags: "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".
When the provided PKCS#12 file also contains the necessary CA certificate, the Base Unit will extract it and verify the chain of trust, so that you do not have to provide the CA certificate separately.
CA certificate
The CA certificate is the certificate of the authoritative root CA in your domain and will be used in setting up the EAP-TLS connection. During the wizard the Base Unit will ensure that it can validate the chain of trust between the Client and CA certificates you provide.
ClickShare supports the common .crt file extension which can contain a Base64 encoded DER certificate.
If you have problems connecting the Button to your corporate network, have a look at the ClickShare Client log to get feedback from the Button. This log can be enabled by holding shift when starting the Client executable. Look for the lines “EDSUSBDongleConnection::mpParseDongleMessages”. An error code and a short summary of the issue should be logged.
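The certificate requirements above (private key included, chain of trust to the CA certificate) can be checked on a workstation before uploading. The following is an added example, not part of the ClickShare documentation or software: it assumes the `openssl` command-line tool is installed, covers the PKCS#12 format only, and the function names `check_pfx` and `make_fixtures`, the file names and the password `test` are hypothetical.

```shell
#!/bin/sh
# Added example: pre-upload check of a PKCS#12 client bundle with the openssl CLI.
# check_pfx exit codes: 0 ok, 2 unreadable or wrong password, 3 no private key,
# 4 key does not match the certificate, 5 certificate does not chain to the CA.
check_pfx() {  # usage: check_pfx bundle.pfx password ca.crt
  pfx=$1; pass=$2; ca=$3
  t=$(mktemp -d) || return 2
  ( umask 077  # extracted key stays private and is deleted below
    openssl pkcs12 -in "$pfx" -passin "pass:$pass" -clcerts -nokeys \
      -out "$t/cert.pem" 2>/dev/null || exit 2
    openssl pkcs12 -in "$pfx" -passin "pass:$pass" -nocerts -nodes \
      -out "$t/key.pem" 2>/dev/null || exit 3
    grep -q 'PRIVATE KEY' "$t/key.pem" || exit 3
    # The key must belong to the certificate: compare their public keys.
    a=$(openssl x509 -in "$t/cert.pem" -noout -pubkey 2>/dev/null)
    b=$(openssl pkey -in "$t/key.pem" -pubout 2>/dev/null)
    [ -n "$a" ] && [ "$a" = "$b" ] || exit 4
    # Chain of trust: the client certificate must verify against the CA file.
    openssl verify -CAfile "$ca" "$t/cert.pem" >/dev/null 2>&1 || exit 5
  ) && st=0 || st=$?
  rm -rf "$t"
  return "$st"
}

# Constructed throwaway PKI for trying the check (hypothetical names, password "test").
make_fixtures() {  # usage: make_fixtures DIR
  d=$1
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3' 'prompt=no' \
    '[dn]' 'CN=Constructed Root CA' '[v3]' 'basicConstraints=critical,CA:TRUE' \
    > "$d/ca.cnf"
  for n in ca other; do  # "other" is an unrelated CA that did not sign the client
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
      -keyout "$d/$n.key" -out "$d/$n.crt" 2>/dev/null || return 1
  done
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj '/CN=constructed-user' -keyout "$d/c.key" -out "$d/c.csr" \
    2>/dev/null || return 1
  openssl x509 -req -in "$d/c.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/c.crt" 2>/dev/null || return 1
  openssl pkcs12 -export -inkey "$d/c.key" -in "$d/c.crt" -passout pass:test \
    -out "$d/ok.pfx" || return 1
  openssl pkcs12 -export -nokeys -in "$d/c.crt" -passout pass:test \
    -out "$d/nokey.pfx"
}
```

A `pass:` argument is visible in the process list; on a shared machine, `openssl` also accepts the password as `-passin env:VARNAME` or `-passin file:PATH`.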
6.14 Corporate network, using EAP-TTLS
About EAP-TTLS
EAP-TTLS (Tunneled Transport Layer Security) is an EAP implementation by Juniper networks. It is designed to provide authentication that is as strong as EAP-TLS, but it does not require each user to be issued a certificate. Instead, only the authentication servers are issued certificates. User authentication is performed by password, but the password credentials are transported in a securely encrypted tunnel established based upon the server certificates.
User authentication is performed against the same security database that is already in use on the corporate LAN: for example, SQL or LDAP databases, or token systems. Since EAP-TTLS is usually implemented in corporate environments without a client certificate we have not included support for this. If you prefer using client certificates per user we suggest using EAP-TLS.
R5900004 CLICKSHARE 23/12/2014