Certificate Infrastructure for a Wireless Network

To implement certificate-based authentication on your 802.1x network through EAP-TLS, you must set up a certificate infrastructure. In an 802.1x-based network you can specify that a network key be used to authenticate to the network or to encrypt your data. Certificates bind the value of a public network key to the identity of the person, device, or service that holds the corresponding private key.

You must install a computer certificate on your CEPC to enable it to be authenticated as a wireless client device using EAP-TLS. and you must install a computer certificate on your wireless client device. A computer certificate must also be installed on the IAS server. During EAP-TLS authentication, the IAS server can then send the certificate to the wireless client device for mutual authentication.

The computer certificate that is submitted by the server must be issued from a certificate authority (CA) that the wireless client trusts. Likewise, the user and computer certificates installed on the wireless client device must be issued from a CA that the server trusts. In this test scenario, TESTSERVER functions as the certificate authority.

Setting up a certificate infrastructure in an enterprise environment consists of a set of complex procedures, and requires detailed planning. The steps described in this topic, reflect the scenario Microsoft implemented for testing purposes. To enable certificate-based authentication for your enterprise environment, you must implement your own customized certificate infrastructure. For more information about Windows 2000 Certificate Services including deployment instructions, visit this Microsoft Web site.

See Also

How to Set Up an 802.1x Network and Connect to It with a CEPC| Certificates | Cryptography

Last updated on Wednesday, April 13, 2005

© 2005 Microsoft Corporation. All rights reserved.