Specifications
Step 9: Configuring Wireless Clients for EAP-TLS
Summit WM20 Technical Reference Guide, Software Version 4.2 43
7 If you want to specify where the certificate is stored, select Place all certificates in the following
store, click Browse, and select the certificate store to use.
Step 9: Configuring Wireless Clients for EAP-TLS
If you have configured Wireless Network (IEEE 802.11) Policies Group Policy settings and specified the
use of EAP-TLS authentication (the Smart Card or other Certificate EAP type) for your wireless
network, then no other configuration is needed for wireless clients running Windows XP with SP1,
Windows XP with SP2, or Windows Server 2003.
To manually configure EAP-TLS authentication on a wireless client running Windows XP with SP1,
Windows XP with SP2, or Windows Server 2003, do the following:
1 Obtain properties of the wireless connection in the Network Connections folder. Click the Wireless
Networks tab, then click the name of the wireless network in the list of preferred networks and click
Properties.
2 Click the Authentication tab and select Enable network access control using IEEE 802.1X and the
Smart Card or other Certificate EAP type. This is enabled by default.
3 Click Properties. In the properties of the Smart Card or other Certificate EAP type, select Use a
certificate on this computer to use a registry-based user certificate or Use my smart card for a smart
card-based user certificate. If you want to validate the computer certificate of the IAS server, select
Validate server certificate (enabled by default). If you want to specify the names of the
authentication servers that must perform validation, select Connect to these servers and type the
names.
4 Click OK to save changes to the Smart Card or other Certificate EAP type
To configure EAP-TLS authentication on a wireless client running Windows XP with no service packs
installed, do the following:
1 Obtain properties of the wireless connection in the Network Connections folder. Click the
Authentication tab, and then select Enable network access control using IEEE 802.1X and the Smart
Card or other Certificate EAP type. This is enabled by default.
2 Click Properties. In the properties of the Smart Card or other Certificate EAP type, select Use a
certificate on this computer. If you want to validate the computer certificate of the IAS server,
select Validate server certificate (enabled by default). If you want to ensure that the server’s DNS
name ends in a specific string, select Connect only if server name ends with and type the string. For
typical deployments where more than one IAS server is used, type the part of the DNS name that is
common to all of the IAS servers. For example, if you have two IAS servers named
IAS1.example.microsoft.com and IAS2.example.microsoft.com, then type the string
“example.microsoft.com”. Ensure that you type the correct string, otherwise, authentication will fail.
3 Click OK to save changes to the Smart Card or other Certificate EAP type
To configure EAP-TLS authentication on a wireless client running Windows 2000 SP4, do the following:
1 Obtain properties of the wireless connection in the Dial-up and Network Connections folder. Click
the Authentication tab, and then select Enable network access control using IEEE 802.1X and the
Smart Card or other Certificate EAP type. This is enabled by default.
2 Click Properties. In the properties of the Smart Card or other Certificate EAP type, select Use a
certificate on this computer to use a registry-based user certificate or Use my smart card for a smart
card-based user certificate. If you want to validate the computer certificate of the IAS server, select
Validate server certificate (enabled by default). If you want to specify the names of the