6. CSE-200 Configurator
ClickShare supports 2 formats for uploading a client certi
fi
cate:
•
PKCS#12 (.pfx)
- An archive
fi
le format for storing multiple cryptography objects.
•
Privacy Enhanced Mail (.pem)
– A Base64 encoded DER certi
fi
cate stored between 2 tags:
"-----BEGIN CERTIFICATE-----"
and
"-----END CERTIFICATE-----"
.
When the provided PKCS#12
fi
le also contains the necessary CA certi
fi
cate the Base Unit will extract it and
verify the chain of trust to avoid that you have to separately provide the CA certi
fi
cate.
CA certi
fi
cate
The CA certi
fi
cate is the certi
fi
cate of the authoritative root CA in your domain and will be used in setting up the EAP-TLS connection.
During the wizard the Base Unit will ensure that it can validate the chain of trust between the Client and CA certi
fi
cates you provide.
ClickShare supports the common .crt
fi
le extension which can contain a Base64 encoded DER certi
fi
cate.
When having problems connecting the Button to your corporate network, to get feedback from the Button
please have a look at the ClickShare Client log. This log can be pressing the holding Shift key when starting
the Client executable. Look for the lines
“EDSUSBDongleConnection::mpParseDongleMessages”
. An error
code and a short summary of the issue should be logged.
6.14 Network integration, EAP-TTLS security mode
About EAP-TTLS
EAP-TTLS (Tunneled Transport Layer Security) is an EAP implementation by Juniper networks. It is designed to provide authen-
tication that is as strong as EAP-TLS, but it does not require each user to be issued a certi
fi
cate. Instead, only the authentication
servers are issued certi
fi
cates. User authentication is performed by password, but the password credentials are transported in a
securely encrypted tunnel established based upon the server certi
fi
cates.
User authentication is performed against the same security database that is already in use on the corporate LAN: for example, SQL
or LDAP databases, or token systems. Since EAP-TTLS is usually implemented in corporate environments without a client certi
fi
cate
we have not included support for this. If you prefer using client certi
fi
cates per user we suggest using EAP-TLS.
How to start up for EAP-TTLS
1. Log in to the
Con
fi
gurator
.
2. Click
WiFi & Network
→
Network integration
. Click on
Change con
fi
guraton
.
3. Select the radio button next to
EAP-TTLS
and click
Next
.
Image 6-26
Network integration, EAP-TTLS selected
R5900023 CLICKSHARE CSE-200 13/07/2016
47
Содержание ClickShare CSE-200
Страница 1: ...ClickShare CSE 200 Installation manual R5900023 04 13 07 2016 ...
Страница 12: ......
Страница 14: ...Table of contents 2 R5900023 CLICKSHARE CSE 200 13 07 2016 ...
Страница 24: ...2 CSE 200 Specifications 12 R5900023 CLICKSHARE CSE 200 13 07 2016 ...
Страница 26: ...3 Getting started 14 R5900023 CLICKSHARE CSE 200 13 07 2016 ...
Страница 32: ...4 CSE 200 Installation 20 R5900023 CLICKSHARE CSE 200 13 07 2016 ...
Страница 36: ...5 Preparing the buttons 24 R5900023 CLICKSHARE CSE 200 13 07 2016 ...
Страница 76: ...6 CSE 200 Configurator 64 R5900023 CLICKSHARE CSE 200 13 07 2016 ...
Страница 78: ...7 Software updates 66 R5900023 CLICKSHARE CSE 200 13 07 2016 ...
Страница 82: ...8 Troubleshooting 70 R5900023 CLICKSHARE CSE 200 13 07 2016 ...