myUTN User Manual Linux
tion. This ensures that the UTN server gets access to protected
networks.
Mode of Operation
EAP-TTLS consists of two phases:
• In phase 1, a TLS-encrypted channel is established between the
UTN server and the RADIUS server. Only the RADIUS server
authenticates itself using a certificate that was signed by a CA.
This process is also referred to as 'outer authentication'.
• In phase 2, an additional authentication method is used for the
communication within the TLS channel. EAP-defined methods
and older methods (CHAP, PAP, MS-CHAP and MS-CHAPv2) are
supported. This process is also referred to as 'inner
authentication'.
The advantage of this procedure is that only the RADIUS server
needs a certificate. Therefore, no PKI is needed. Moreover, TTLS
supports most authentication protocols.
Requirements
The UTN server is defined as a user (with user name and password)
on a RADIUS server.
Proceed as follows:
1. Start the myUTN Control Center.
2. Select SECURITY – Authentication.
3. Select TTLS from the Authentication method list.
4. Enter the user name and the password that are used for the
configuration of the UTN server on the RADIUS server.
5. Select the settings intended to secure the communication in the
TLS channel.
6. To make the connection more secure, you can also install the
root CA certificate of the certification authority that has issued
the certificate of the authentication server (RADIUS) on the UTN
server; see: 'Installing the CA Certificate in the UTN Server'
(page 92). Afterwards, select the root CA certificate from the
list EAP root certificate.
7. Click Save & Restart to confirm.
The settings are saved.
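The same choices as steps 3 to 6, written out for wpa_supplicant on a wired Linux host, with the setting that skips server validation shown beside the corrected one. This is an added example, not part of the manual and not a UTN server file; wpa_supplicant stands in as a generic EAP-TTLS client, and the identity, password, CA path and server name are constructed placeholders.

```conf
# Constructed example: EAP-TTLS client settings for wired 802.1X in
# wpa_supplicant (started with the wired driver, -D wired).
# Every value below is a placeholder.
ctrl_interface=/var/run/wpa_supplicant
ap_scan=0                 # wired port: no scanning for networks

# Weak variant (left commented out): without ca_cert, wpa_supplicant does
# not verify the RADIUS server certificate presented in phase 1, so the
# phase 2 credentials go to whichever server terminates the TLS channel.
# network={
#     key_mgmt=IEEE8021X
#     eap=TTLS
#     identity="utn-server-01"
#     password="constructed-password"
#     phase2="auth=PAP"
# }

# Corrected variant: the RADIUS server certificate must chain to the
# pinned root CA before phase 2 starts.
network={
    key_mgmt=IEEE8021X
    eapol_flags=0                       # wired: no dynamic WEP keys
    eap=TTLS                            # step 3: authentication method
    identity="utn-server-01"            # step 4: user name on the RADIUS server
    password="constructed-password"     # step 4: password on the RADIUS server
    phase2="auth=MSCHAPV2"              # step 5: inner authentication
    ca_cert="/etc/ssl/certs/example-root-ca.pem"   # step 6: EAP root certificate

    # wpa_supplicant option with no counterpart named in the manual:
    # also require this name in the server certificate, which matters
    # when the root CA issues certificates to other parties as well.
    domain_suffix_match="radius.example.org"
}
```

Running a file like this through `eapol_test` (built from the wpa_supplicant sources) with `-c <file> -a <RADIUS address> -s <shared secret>` confirms that the RADIUS account and the root CA work together before the same values are saved on the device.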