EAP-TTLS authentication requires that BlackBerry devices trust the authentication server certificate. To trust the
authentication server certificate, BlackBerry devices must trust the certificate authority that issued the certificate. A
certificate authority that the BlackBerry devices and the authentication server trust mutually must generate the
authentication server certificate.
Each BlackBerry device stores a list of explicitly trusted certificate authority certificates. BlackBerry devices that use EAP-
TTLS authentication require the root certificate for the certificate authority that created the authentication server
certificate.
To distribute the root certificate to BlackBerry devices, you can use the certificate synchronization tool in BlackBerry
Desktop Manager or you can enroll the certificate over the wireless network.
For more information about how the BlackBerry Enterprise Solution supports EAP-TTLS authentication, see the
BlackBerry
Enterprise Server Security Technical Overview
.
Configure EAP-TTLS authentication data for
BlackBerry devices using a Wi-Fi profile
If BlackBerry device users in your organization's environment use BlackBerry 7270 smartphones, you must configure user
names and passwords using IT policy rules instead of configuration settings.
1.
In the BlackBerry Administration Service, on the
BlackBerry solution management
menu, expand
Policy > Wi-Fi
configuration
.
2.
Click
Manage Wi-Fi profiles
.
3.
Click the name of the Wi-Fi profile that you want to change.
4.
Click
Edit profile
.
5.
On the
Wi-Fi profile settings
tab, perform the following actions:
• In the
Wi-Fi User Name
field, type the user name for EAP-TTLS authentication.
• In the
Wi-Fi User Password
field, type the password for EAP-TTLS authentication.
6.
If required, configure the following configuration settings:
• Wi-Fi Link Security
• Wi-Fi Hard Token Required
• Wi-Fi Server Subject
• Wi-Fi Server SAN
• Wi-Fi Disable Server Certificate Validation
7.
Click
Save All
.
After you finish:
Administration Guide
Configuring encryption and authentication methods for Wi-Fi enabled BlackBerry devices
257