Configure Eap-Ttls Authentication Data For Blackberry Devices Using A Wi-Fi Profile - Blackberry PRD-10459-003 - Enterprise Server For IBM Lotus Domino Administration Manual

Administration Guide
EAP-TTLS authentication requires that BlackBerry devices trust the authentication server certificate. To trust the
authentication server certificate, BlackBerry devices must trust the certificate authority that issued the certificate.
A certificate authority that the BlackBerry devices and the authentication server trust mutually must generate the
authentication server certificate.
Each BlackBerry device stores a list of explicitly trusted certificate authority certificates. BlackBerry devices that use
EAP-TTLS authentication require the root certificate for the certificate authority that created the authentication
server certificate.
To distribute the root certificate to BlackBerry devices, you can use the certificate synchronization tool in BlackBerry®
Desktop Manager or you can enroll the certificate over the wireless network.
For more information about how the BlackBerry® Enterprise Solution supports EAP-TTLS authentication, see the
BlackBerry Enterprise Server Security Technical Overview.
Configure EAP-TTLS authentication data for BlackBerry devices using a Wi-
Fi profile
If BlackBerry® device users in your organization's environment use BlackBerry® 7270 smartphones, you must
configure user names and passwords using IT policy rules instead of configuration settings.
1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy > Wi-
Fi configuration.
2. Click Manage Wi-Fi profiles.
3. Click the name of the Wi-Fi® profile that you want to change.
4. Click Edit profile.
5. On the Wi-Fi profile settings tab, perform the following actions:
• In the Wi-Fi User Name field, type the user name for EAP-TTLS authentication.
• In the Wi-Fi User Password field, type the password for EAP-TTLS authentication.
6. If required, configure the following configuration settings:
• Wi-Fi Link Security
• Wi-Fi Hard Token Required
• Wi-Fi Server Subject
• Wi-Fi Server SAN
• Wi-Fi Disable Server Certificate Validation
7. Click Save All.
After you finish:
• For more information about configuration settings, see the BlackBerry Enterprise Server Policy Reference Guide.
• Resend the IT policy that you assign to the user accounts to Wi-Fi enabled BlackBerry devices.
• Distribute the certificates.
Related topics
Prerequisites: Distributing a certificate using the BlackBerry Desktop Manager, 214
Creating and configuring Wi-Fi profiles, 200
218
Configuring EAP-TTLS authentication