Specifications

ManualsBrandsAlcatel ManualsComputer equipmentOmniAccess AP61

251

252

253

254

255

256

257

258

259

260

802.1x Configuration 231

Chapter 10

Configuration using Pocket PC Embedded

Supplicant

Export Trusted Certification Authority

The first step in enabling 802.1x authentication on Pocket PC devices is to install a trusted certification authority,

if required. If the RADIUS server uses a certificate with a certification path already trusted by the Pocket PC

devices, then this step is not necessary. Certificates purchased from large certificate authorities such as Verisign,

for example, will already be trusted by the clients. If a self-signed certificate is used, the certification path will

need to be installed on the client. To do this, first export the certificate for the root certificate authority into a

standard X.509 file format. This step can be accomplished on any Windows computer where the trusted

certification path has already been installed. Launch the Microsoft Management Console by selecting

Start >

Run

, and entering “mmc” in the box.

In the management console, select

File > Add/Remove Snap-in. Select the Certificates

snap-in.

Typically, a trusted certificate authority certificate can be found in both the

user certificate store and the computer certificate store. When prompted to

select the certificate snap-in, choose “My user account”.

Next, locate the certificate for the trusted certificate authority, right-click on it,

select “All tasks”, then select “Export”.

When prompted, export the key as a DER-encoded binary X.509 file,w.

If given the option, do not export the private key. This option only appears on

the certificate authority itself. Save the file somewhere accessible on the hard

drive.

Install Certificate Authority

The next step of the process is to copy the previously generated X.509

certificate to the Pocket PC client device. To do this, place the X.509

certificate on a machine running ActiveSync that has a partnership

arrangement with a Pocket PC device. The Pocket PC device’s filesystem

should appear under Windows Explorer, and a folder entitled “<mobile device

name> My Documents” should appear on the Windows desktop. Copy the

X.509 certificate file from the host computer to the “My Documents” directory

on the Pocket PC device.

Next, install the certification authority in the Pocket PC device’s certificate

store. To do this, run the Pocket PC File Explorer and navigate to “My

Documents”.