Blackberry SWD-20120924140022907 Configuring EAP-TLS authentication

9. If necesssary, in the Server subject field, type the server name in the server certificate, in URL format (for example,

server1.domain.com or server1.domain.net). If you leave the field blank, the BlackBerry device skips over it during

server authentication.

10. If necesssary, in the Server SAN field, type the alternative name for the server, in URL format (for example,

server1.domain.com or server1.domain.net). If you leave the field blank, the BlackBerry device skips over it during

server authentication.

11. If your organization uses dynamic IP addresses, verify that the Automatically obtain IP address and DNS option is

12. Verify that the Allow inter-access point handover option is selected.

13. If necesssary, select the Prompt before connection check box. If you do not select the check box, the BlackBerry

EAP-TLS authentication requires that BlackBerry devices trust the authentication server certificate and use a client-side

certificate as the supplicant credentials. To trust the authentication server certificate, BlackBerry devices must trust the

certificate authority that issued the certificate. A certificate authority that the BlackBerry devices and the authentication

server trust mutually must generate the certificate for the authentication server and the certificate for each BlackBerry

BlackBerry devices that use EAP-TLS authentication require a client certificate and the root certificate for the certificate

authority server that created the certificate for the authentication server. You can obtain and install both certificates using

the same distribution method.

To distribute the certificates to BlackBerry devices, you can use the certificate synchronization tool in the BlackBerry

Desktop Manager, or you can enroll the certificate over the wireless network. You must configure a Wi-Fi profile to provide