Authentication type
Use certificate
Tunneled authentication area
Tunneled authentication parameters are used only by the TLS, TTLS and PEAP protocols, in Phase 2 of authentication,
after the secure tunnel has been established. The fields in this section are active only if TLS, TTLS, or PEAP is selected as
the Authentication type.
This is the 802.1X identity supplied to the authenticator. The identity value can be up to 63 ASCII
characters and is case-sensitive.
For tunneled authentication protocols such as TTLS and PEAP, this identity (called the Phase 1
identity) is sent outside the protection of the encrypted tunnel. Therefore, it is recommended that
this field not contain a true identity, but instead the identity "anonymous" and any desired realm
(e.g. For TTLS and PEAP, true user credentials (Phase 2 identity)
are entered in the Tunneled authentication section.
Note: When used with PEAP and the .NET Enterprise Server Version 5.2, this field must contain
the identity used in both Phase I and Phase II. The Phase II identity field is ignored.
This is the password used for MD5-Challenge or LEAP authentication. It may contain up to 63
ASCII characters and is case-sensitive. Asterisks appear instead of characters for enhanced
This is the authentication method to be used - MD5-Challenge, LEAP, PEAP, TLS, or TTLS.
Your network administrator should let you know the protocols supported by the RADIUS server.
The RADIUS server sits on the network and acts as a central credential repository for Access
Servers that receive the radio signals and ultimately block or allow users to attach to the network.
This is the certificate to be used during authentication. A certificate is required for TLS, optional
for TTLS and PEAP, and unused by MD5 and LEAP. Therefore, this option becomes active only
when TLS, TTLS, or PEAP is selected as the Authentication type.
If Use certificate is enabled, the client certificate displayed in the field is the one that is passed
to the server for verification.
To select a client certificate, tap Change and select the certificate from the list that appears.
To appear in this list, certificates must be installed in the system, for a description of this process
The Issued to field should match the Identity field and the user ID on the authentication server
(i.e., RADIUS server) used by the authenticator.
Your certificate must be valid with respect to the authentication server. This generally means that
the authentication server must accept the issuer of your certificate as a Certificate Authority.
Note: When obtaining a client certificate, do not enable strong private key protection. If you
enable strong private key protection for a certificate, you will need to enter an access
password for the certificate each time this certificate is used.
The user identity used in Phase 2 authentication. The identity specified may contain up to 63
ASCII characters, is case-sensitive and takes the form of a Network Access Identifier, consisting
of <name of the user>@<user's home realm>. The user's home realm is optional and indicates
the domain to which the tunneled transaction is to be routed.
Note: Because Microsoft .NET Enterprise Server Version 5.2 does not use this parameter for
PEAP, this field will have no effect for PEAP at this time. Phase 1 identity is used instead.
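The field rules above can be checked mechanically before a profile is deployed. The following is an added example, not part of the original manual or the client utility: the dictionary keys, the function names and the server_ignores_phase2 flag are hypothetical, and the sample profile is constructed.

```python
# Added example: lint an 802.1X client profile against the field rules described above.
# The dict keys (auth_type, identity, ...) are hypothetical names, not the utility's own.
TUNNELED = {"TTLS", "PEAP"}                 # Phase 1 identity travels outside the tunnel
CERT_METHODS = {"TLS", "TTLS", "PEAP"}      # certificate field is active for these
PASSWORD_METHODS = {"MD5-Challenge", "LEAP"}
MAX_LEN = 63                                # limit stated for identity and password fields

def _check_text(name, value):
    """Return a finding if the value breaks the 63-ASCII-character rule, else None."""
    if not value.isascii():
        return f"{name}: contains non-ASCII characters"
    if len(value) > MAX_LEN:
        return f"{name}: longer than {MAX_LEN} characters"
    return None

def lint_profile(profile, server_ignores_phase2=False):
    """Return a list of findings; an empty list means the profile follows the rules."""
    # server_ignores_phase2 models the PEAP note: Phase 1 must carry the real identity.
    auth = profile.get("auth_type")
    if auth not in CERT_METHODS | PASSWORD_METHODS:
        return [f"auth_type: unsupported method {auth!r}"]
    identity = profile.get("identity", "")
    phase2 = profile.get("phase2_identity", "")
    cert = profile.get("cert_issued_to", "")
    findings = []
    for name in ("identity", "password", "phase2_identity"):
        finding = _check_text(name, profile.get(name, ""))
        if finding:
            findings.append(finding)
    if auth in TUNNELED and not (auth == "PEAP" and server_ignores_phase2):
        # Compare only the user part; the realm after '@' may stay for routing.
        if identity.split("@", 1)[0] != "anonymous":
            findings.append("identity: sent outside the tunnel, use 'anonymous' plus realm")
        if not phase2:
            findings.append("phase2_identity: true credentials belong here for TTLS/PEAP")
    if auth == "TLS":
        if not cert:
            findings.append("certificate: required for TLS")
        elif cert != identity:  # case-sensitive, like the fields themselves
            findings.append("certificate: 'Issued to' does not match identity")
    if auth in PASSWORD_METHODS and cert:
        findings.append("certificate: unused by MD5-Challenge and LEAP")
    return findings

# Constructed sample profile: the real user name leaks in the Phase 1 field.
SAMPLE = {"auth_type": "PEAP", "identity": "alice@example.com",
          "phase2_identity": "alice@example.com"}
if __name__ == "__main__":
    print(lint_profile(SAMPLE))
```

The "Issued to" comparison is applied only to TLS here, where the Identity field carries the real user name; that scoping is a choice made for this example.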
