Step 9: Configuring Wireless Clients For Eap-Tls - Extreme Networks Summit WM Technical Reference Manual

3 In the details pane, right-click the certificate you want to export, point to All Tasks, and then click
Import.
4 Type the file name containing the certificate to be imported. (You can also click Browse and navigate
to the file.)
5 If it is a PKCS #12 file, do the following: Type the password used to encrypt the private key.
(Optional) If you want to be able to use strong private key protection, select the Enable strong
private key protection check box. (Optional) If you want to back up or transport your keys at a later
time, select the Mark key as exportable check box.
6 Do one of the following: If the certificate should be automatically placed in a certificate store based
on the type of certificate, select Automatically select the certificate store based on the type of
certificate.
7 If you want to specify where the certificate is stored, select Place all certificates in the following
store, click Browse, and select the certificate store to use.

Step 9: Configuring Wireless Clients for EAP-TLS

If you have configured Wireless Network (IEEE 802.11) Policies Group Policy settings and specified the
use of EAP-TLS authentication (the Smart Card or other Certificate EAP type) for your wireless
network, then no other configuration is needed for wireless clients running Windows XP with SP1,
Windows XP with SP2, or Windows Server 2003.
To manually configure EAP-TLS authentication on a wireless client running Windows XP with SP1,
Windows XP with SP2, or Windows Server 2003, do the following:
1 Obtain properties of the wireless connection in the Network Connections folder. Click the Wireless
Networks tab, then click the name of the wireless network in the list of preferred networks and click
Properties.
2 Click the Authentication tab and select Enable network access control using IEEE 802.1X and the
Smart Card or other Certificate EAP type. This is enabled by default.
3 Click Properties. In the properties of the Smart Card or other Certificate EAP type, select Use a
certificate on this computer to use a registry-based user certificate or Use my smart card for a smart
card-based user certificate. If you want to validate the computer certificate of the IAS server, select
Validate server certificate (enabled by default). If you want to specify the names of the
authentication servers that must perform validation, select Connect to these servers and type the
names.
4 Click OK to save changes to the Smart Card or other Certificate EAP type
To configure EAP-TLS authentication on a wireless client running Windows XP with no service packs
installed, do the following:
1 Obtain properties of the wireless connection in the Network Connections folder. Click the
Authentication tab, and then select Enable network access control using IEEE 802.1X and the Smart
Card or other Certificate EAP type. This is enabled by default.
2 Click Properties. In the properties of the Smart Card or other Certificate EAP type, select Use a
certificate on this computer. If you want to validate the computer certificate of the IAS server,
select Validate server certificate (enabled by default). If you want to ensure that the server's DNS
name ends in a specific string, select Connect only if server name ends with and type the string. For
typical deployments where more than one IAS server is used, type the part of the DNS name that is
common to all of the IAS servers. For example, if you have two IAS servers named
Summit WM Technical Reference Guide, Software Version 5.1
51