Administrator Guide

3. The server verifies the employee‘s credentials, and the employee is connected to the network.

There is a potential problem in this authentication sequence—the employee verified the server’s identity, but

the server didn’t verify the employee's identity. It is possible that the user stole the username and password

This problem can be solved by using both a client certificate and a server certificate. Because EAP-TLS

authentication employs both server and client certificates, when the employee begins authentication, the W-

employee sends the encrypted username and password to the server, the server verifies the employee's

credentials, and the employee is connected to the network. This access process is secure.

2. Import the root Certificate Authority file to the Certificate Trust List.

3. Obtain a signed certificate from Active Directory.

4. Import a server certificate into the W-ClearPass Policy Manager server.

These tasks are described in the following sections.

This task creates a Certificate Signing Request to be signed by a Certificate Authority (CA).

Figure 97 shows an example of the Create Certificate Signing Request page, followed by descriptions of each