Ca s – Intellinet Network Solutions 524438 User Manual

the authentication phase. The server presents a certificate to the

client and, after validating the server’s certificate, the client presents

a client certificate to the server for validation.

Session Resumption: Click/check the box to activate or de-activate.

ID/Password: Enter the password as the identity for the server.

Client Certification: A client certificate is required for TLS, but is

optional for TTLS and PEAP. This forces a client certificate to be

selected from the appropriate Windows Certificate Store and made

available to the RADIUS server for certification.

Tunneled Authentication/Protocol: When the authentication type is

PEAP or TTLS, select a protocol for building the encrypted tunnel.

Tunnel Authentication: Select one of three options from the drop-

down menu: “EAP-MSCHAPv2,” “EAP-TLS/Smart card” or “Generic

Token Card.”

802.1

x

s

etting

/Ca s

erver

Use certificate chain: When the Extensible Authentication Protocol

(EAP) authentication type — such as TLS, TTLS or PEAP — is

selected and requires certification to tell the client what credentials to

accept from the authentication server in order to verify the server, you

need to enable this function. Choose the preferred server from the

drop-down menu to issue the certificate. If “Any Trusted CA” is

selected, any CA (certification authority) on the list (which is provided

by the Microsoft Certificate Store) is permitted.

Allow intermediate certificates: A server designates an issuer as a

trusted root authority by placing the issuer’s self-signed certificate,

CONFIGURATION

17