D-Link AirPremier DWL-2210AP Manual page 158

Appendix A: Configuring Security Settings on Wireless Clients
Obtaining a TLS-EAP Certificate for a Client
I
f you want to use IEEE 802.1x mode with EAP-TLS certificates for authentication and
authorization of clients, you must have an external RADIUS server and a Public Key Authority
Infrastructure (PKI), including a Certificate Authority (CA), server configured on your network.
It is beyond the scope of this document to describe these configuration of the RADIUS server,
PKI, and CA server. Consult the documentation for those products.
Some good starting points available on the Web for the Microsoft Windows PKI software are:
"How to Install/Uninstall a Public Key Certificate Authority for Windows 2000" at
http://support.microsoft.com/default.aspx?scid=kb;EN-US;231881
Certificate Server at http://support.microsoft.com/default.aspx?scid=kb;en-us;318710#3.
Wireless clients configured to use either "WPA with RADIUS" or" IEEE 802.1x"
security modes with an external RADIUS server that supports TLS-EAP certificates
must obtain a TLS certificate from the RADIUS server.
This is an initial onetime step that must be completed on each client that uses either
of these modes with certificates. In this procedure, we use the Microsoft Certificate
Server as an example.
To obtain a certificate for a client, follow these steps.
1. Go to the following URL in a Web browser:
https://IPAddressOfServer/certsrv/
Where IPAddressOfServer is the IP address of your external RADIUS
server, or of the Certificate Authority (CA), depending on the configuration of your
infrastructure.
2. Click "Yes" to proceed to the secure Web page for the server.
158 158
and How to Configure a