User manual

Security
myUTN User Manual 98
Configuring EAP-TLS

Benefits and Purpose
EAP-TLS (Extensible Authentication Protocol with the Transport Layer Security method) validates the identity of a device or user before it is granted access to network resources. You can configure the UTN server for EAP-TLS network authentication so that it is admitted to networks that require this authentication.
Basic Functions
EAP-TLS is a certificate-based authentication method in which a RADIUS server acts as the authentication server. The UTN server and the RADIUS server exchange certificates and establish an encrypted TLS connection between them in the process. Both the RADIUS server and the UTN server need a valid digital certificate signed by a CA, and each side validates the certificate presented by the other against the CA it trusts. Only after this mutual authentication has succeeded is the UTN server granted access to the network.
Since every device needs its own certificate, a PKI (Public Key Infrastructure) must be available. User passwords are not required.
If you want to use EAP-TLS authentication, you must carry out the steps below in the given order. If this order is not observed (for example, if EAP-TLS is enabled before the certificates are installed), the UTN server cannot authenticate and may no longer be reachable on the network. In that case you have to reset the parameters of the UTN server; see page 107.
Procedure
1. Create a certificate request on the UTN server; see page 92.
2. Have the certificate request signed by the CA of the authentication server. The result is the signed certificate of the UTN server, referred to as the CA certificate in this manual.
3. Install the CA certificate on the UTN server; see 'Saving the CA Certificate in the UTN Server', page 93.
4. Install the root certificate of the authentication server on the UTN server; see 'Saving the Root Certificate in the UTN Server', page 94. The UTN server uses this root certificate to validate the certificate presented by the RADIUS server.
5. Enable the authentication method 'EAP-TLS' on the UTN server.