6. CSE-200 Configurator
Image 6-22
Necessary data to continue:
Domain
The company domain for which you are enrolling, should match with the one defined in your Active
Directory.
Identity
Identity of the user account in the Active Directory which will be used by the ClickShare Buttons to
connect to the corporate network. When using EAP-TLS make sure that the necessary mapping
exists between the Client Certificate issued by your CA and this user account.
Corporate SSID
The SSID of your corporate wireless infrastructure to which the ClickShare Buttons will connect.
Click Next to continue with the upload of the client certificate.
Click Upload Client Certificate.
The client certificate you provide should be signed by the authoritative root CA in your domain and should be linked to the user you
specify in the Identity field. Also, make sure that the client certificate you provide contains the private key – this is necessary to set
up the TLS connection successfully.
ClickShare supports 2 formats for uploading a client certificate:
• PKCS#12 (.pfx) – An archive file format for storing multiple cryptography objects.
• Privacy Enhanced Mail (.pem) – A Base64 encoded DER certificate stored between 2 tags:
"-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".
When the provided PKCS#12 file also contains the necessary CA certificate, the Base Unit will extract it and
verify the chain of trust, so that you do not have to provide the CA certificate separately.
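A pre-flight check for the file you intend to upload, given here as an added example that is not part of the Barco manual or the ClickShare software: it classifies the file as PEM or PKCS#12 and flags a PEM file that carries a certificate but no private key. The function names and sample bytes are constructed for illustration; the check does not verify signatures or the chain of trust, which the Base Unit does during the wizard.

```python
import base64
import re

PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
KEY_LABELS = {b"PRIVATE KEY", b"RSA PRIVATE KEY", b"EC PRIVATE KEY", b"ENCRYPTED PRIVATE KEY"}

def der_sequence_body(der):
    """Return the contents of a single DER SEQUENCE, or None if malformed."""
    if len(der) < 2 or der[0] != 0x30:
        return None
    start, length = 2, der[1]
    if length & 0x80:                       # long form: next n octets hold the length
        n = length & 0x7F
        if n == 0 or len(der) < 2 + n:
            return None
        start, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return der[start:] if len(der) == start + length else None

def inspect_client_upload(data):
    """Pre-flight report for a file intended for the client-certificate upload."""
    report = {"format": "unknown", "certificates": 0, "has_private_key": None, "problems": []}
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        report["format"], report["has_private_key"] = "pem", False
        for label, body in blocks:
            try:
                der = base64.b64decode(b"".join(body.split()), validate=True)
            except ValueError:
                der = b""                   # reported as malformed just below
            if der_sequence_body(der) is None:
                report["problems"].append(label.decode() + ": not Base64-encoded DER")
            elif label == b"CERTIFICATE":
                report["certificates"] += 1
            elif label in KEY_LABELS:
                report["has_private_key"] = True
        if not report["has_private_key"]:
            report["problems"].append("no private key in PEM file")
    elif (der_sequence_body(data) or b"").startswith(b"\x02\x01\x03"):
        report["format"] = "pkcs12"         # PFX version 3; contents need the password
    else:
        report["problems"].append("neither PEM nor PKCS#12")
    return report

# Constructed placeholders: minimal DER SEQUENCEs, not real certificates or keys.
def _pem(label, der):
    return b"-----BEGIN %s-----\n%s-----END %s-----\n" % (label, base64.encodebytes(der), label)

CERT_ONLY = _pem(b"CERTIFICATE", b"\x30\x03\x02\x01\x00")
CERT_AND_KEY = CERT_ONLY + _pem(b"PRIVATE KEY", b"\x30\x03\x02\x01\x00")
FAKE_PFX = b"\x30\x03\x02\x01\x03"
```

A PKCS#12 file is only recognised by its outer structure here, because its contents cannot be inspected without the password; `has_private_key` therefore stays `None` for that format.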
CA certificate
The CA certificate is the certificate of the authoritative root CA in your domain and will be used in setting up the EAP-TLS connection.
During the wizard the Base Unit will ensure that it can validate the chain of trust between the Client and CA certificates you provide.
ClickShare supports the common .crt file extension which can contain a Base64 encoded DER certificate.
If you have problems connecting the Button to your corporate network, look at the ClickShare Client log
to get feedback from the Button. This log can be enabled by holding the Shift key when starting
the Client executable. Look for the lines “EDSUSBDongleConnection::mpParseDongleMessages”. An error
code and a short summary of the issue should be logged.
6.13 Network integration, EAP-TTLS security mode
About EAP-TTLS
EAP-TTLS (Tunneled Transport Layer Security) is an EAP implementation by Juniper Networks. It is designed to provide authentication
that is as strong as EAP-TLS, but it does not require each user to be issued a certificate. Instead, only the authentication
servers are issued certificates. User authentication is performed by password, but the password credentials are transported in a
securely encrypted tunnel established based upon the server certificates.
User authentication is performed against the same security database that is already in use on the corporate LAN: for example, SQL
or LDAP databases, or token systems. Since EAP-TTLS is usually implemented in corporate environments without a client certificate
we have not included support for this. If you prefer using client certificates per user we suggest using EAP-TLS.
How to start up for EAP-TTLS
1. Log in to the Configurator.
R5900023 CSE-200 11/04/2016