Using EAP-TLS Security
To use EAP-TLS security In the Atheros Client Utility, access the
Security tab in the Profile Management window.
- On the Security tab, choose the WPA radio
button.
OR: On the Security tab, choose the 802.1x radio
button.
- Choose EAP-TLS
from the drop-down menu.
Enabling
EAP-TLS security:
To use EAP-TLS security, the machine must already
have the EAP-TLS certificates downloaded onto it. Check with the IT manager.
- If EAP-TLS is supported, choose EAP-TLS from
the drop-down menu on the right, then click the Configure
button.
- Click Configure. The Define Certificate window appears.
- Check the Use Machine Information for Domain Login check box if you want the client to attempt to log into a domain using machine authentication with a machine certificate and machine credentials rather than user authentication. Doing so enables your computer to connect to the network prior to user logon. The default setting is unchecked.
Note: If you do not check the Use Machine Information for Domain Logon check box, machine authentication is not performed. Authentication does not occur until you log on.
- Check the Validate Server Identity check box to force the system to authenticate the identity of the server as an added level of security.
- If you checked the Use Machine Information For Domain Logon check box in the previous step, the Always Do User Authentication check box at the bottom of the window becomes active. Perform one of the following:
-
Check the Always Do User Authentication check box if you want the client to switch from using machine authentication to using user authentication after you log on using your username and password. This is the default setting.
-
Uncheck the Always Do User Authentication check box if you want the client to continue to use machine authentication after the user's computer logs into the domain.
- Choose your server certificate in the Select a Certificate drop-down list.
- Choose the certificate authority from which the server certificate was downloaded in the Trusted Root Certification Authorities drop-down list.
- Perform one of the following:
-
Leave the Server/Domain Name field blank to allow the client to accept a certificate from any server that supplies a certificate signed by the certificate authority listed in the Trusted Root Certification Authorities drop-down list (recommended).
-
In the Server/Domain Name field, enter the domain name of the server from which the client will accept a certificate.
- If the Login Name is filled in automatically, enter your username in this format: username@domain.
- Click OK to save your changes and return to the Profile Management (Security) window.
- Click OK.
- Activate the profile.