Wi-Fi Settings, Wireless Client, Eap-Ttls - Barco CX-20 Installation Manual

File should at least contain the root CA certificate for your domain.
4. Save Changes
Using SCEP
The Simple Certificate Enrolment Protocol (SCEP) is a protocol which enables issuing and revoking of
certificates in a scalable way. SCEP support is included to allow a quicker and smoother integration of the
ClickShare Base Unit and Buttons into the corporate network. Since most companies are using Microsoft
Windows Server and its active directory (AD) to manage users and devices our SCEP implementation is
specifically targeted at the Network Device Enrolment Service (NDES) which is part of Windows Server 2008
R2 and Windows Server 2012. No other SCEP server implementations are supported.
Image 6–21 Wi-Fi Settings, Wireless Client, EAP-TLS, SCEP
SCEP ServerIP/ This is the IP or hostname of the Windows Server in your network running the NDES
hostname service. By default HTTP is used.
E.g.: http://myserver or http://10.192.5.1
SCEP User name This is a user in your Active Directory which has the required permission to access the
NDES service and request the challenge password. To be sure of this, the user should
be part of the CA Administrators group (in case of a stand-alone CA) or have enroll
permissions on the configured certificate templates.
SCEP Password The corresponding password for the identity that you are using to authenticate on the
corporate network. Per Base Unit, every Button uses the same identity and password
to connect to the corporate network.
Click Save Changes to save the settings.

6.13 Wi-Fi settings, Wireless Client, EAP-TTLS

About EAP-TTLS
EAP-TTLS (Tunneled Transport Layer Security) is an EAP implementation by Juniper networks. It is designed
to provide authentication that is as strong as EAP-TLS, but it does not require each user to be issued a
certificate. Instead, only the authentication servers are issued certificates. User authentication is performed by
password, but the password credentials are transported in a securely encrypted tunnel established based
upon the server certificates.
User authentication is performed against the same security database that is already in use on the corporate
LAN: for example, SQL or LDAP databases, or token systems. Since EAP-TTLS is usually implemented in
corporate environments without a client certificate we have not included support for this. If you prefer using
client certificates per user we suggest using EAP-TLS.
How to start up for EAP-TTLS
1. Select EAP-TTLS from the drop down list next to Authentication Mode.
CX-20 Configurator
R5900102 /04 CX-20 77