User manual
Security
myUTN User Manual Mac 101
Configuring PEAP
Benefits and Purpose
PEAP (Protected Extensible Authentication Protocol) validates the
identity of devices or users before they gain access to network
resources. You can configure the UTN server for PEAP network
authentication. This ensures that the UTN server gets access to
protected networks.
Mode of Operation
In the case of PEAP (compare EAP-TTLS, see page 99), an encrypted
TLS (Transport Layer Security) channel is established between the
UTN server and the RADIUS server. Only the RADIUS server
authenticates itself using a certificate that was signed by a CA.
The TLS channel is then used to establish another connection that
can be protected by means of additional EAP authentication
methods (e.g. MSCHAPv2).
The advantage of this procedure is that only the RADIUS server
needs a certificate. Therefore no PKI is needed. PEAP uses the
advantages of TLS and supports various authentication methods,
including user passwords and one-time passwords.
Requirements
The UTN server is defined as a user (with user name and password)
on a RADIUS server.
Proceed as follows:
1. Start the myUTN Control Center.
2. Select SECURITY – Authentication.
3. Select PEAP from the Authentication method list.
4. Enter the user name and the password that are used for the
configuration of the UTN server on the RADIUS server.
5. Select the settings intended to secure the communication in the
TLS channel.
6. To make the connection more secure, you can also install the
root CA certificate of the certification authority that has issued
the certificate of the authentication server (RADIUS) on the UTN
server; see 'Installing the CA Certificate in the UTN Server' on
page 94.
Afterwards, select the root CA certificate from the EAP root
certificate list.
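Before carrying out step 6, it is worth confirming on the administrator's workstation that the root CA file you intend to install really issued the RADIUS server's certificate. The following check is an added example, not part of the manual; it assumes the openssl command-line tool is available, and all file names, common names and certificates in it are constructed throwaway material.

```shell
#!/bin/sh
# Constructed demo material: throwaway keys and certificates in a temp dir.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Create a self-signed root CA. $1 = file prefix, $2 = CA common name
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

# Issue a server certificate from a CA.
# $1 = CA prefix, $2 = output prefix, $3 = server common name
make_server_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$work/$2.key" -out "$work/$2.csr" 2>/dev/null
    openssl x509 -req -in "$work/$2.csr" -CA "$work/$1.pem" \
        -CAkey "$work/$1.key" -CAcreateserial -days 1 \
        -out "$work/$2.pem" 2>/dev/null
}

# Succeeds (exit status 0) only if the server certificate chains to the
# given root CA. $1 = root CA PEM file, $2 = server certificate PEM file
issued_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed scenario: the RADIUS certificate was issued by "root";
# "other" is an unrelated CA that must not be accepted as its issuer.
make_ca root "Constructed Root CA"
make_ca other "Constructed Unrelated CA"
make_server_cert root radius "radius.example.test"

for ca in root other; do
    if issued_by "$work/$ca.pem" "$work/radius.pem"; then
        echo "$ca.pem issued the RADIUS certificate: use it as EAP root certificate"
    else
        echo "$ca.pem did NOT issue the RADIUS certificate"
    fi
done
```

In practice, call `issued_by` with your real root CA file and an exported copy of the RADIUS server certificate instead of the generated ones.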