Windows Certificate Store vs. Certs Path

Note: It is important that all dates are correct on the Thor VM1 and host computers when using any type of certificate. Certificates are date sensitive and if the date is not correct authentication will fail.

!If using the Windows Certificate Store, the Windows Account must have a password. The password cannot be left blank. The Summit Client Utility uses the Windows user account credentials to access the Certificate Store. The Windows user account credentials need not be the same as the credentials entered in the Summit Client Utility.

User Certificates

EAP-TLS authentication requires a user certificate. The user certificate must be stored in the Windows certificate store.

To generate the user certificate, see Generate a User Certificate (page 6-35).

To import the user certificate into the Windows certificate store, see Install a User Certificate (page 6-37).

A Root CA certificate is also needed. Refer to the section below.

Root CA Certificates

Root CA certificates are required for EAP/TLS, PEAP/GTC and PEAP/MSCHAP. Two options are offered for storing these certificates. They may be imported into the Windows certificate store or copied into the Certs Path directory.

Certs Path

1.See Generate a Root CA Certificate (page 6-32)and follow the instructions to download the Root Certificate to a PC.

2.Copy the certificate to specified directory on the mobile device. The default location for Certs Path is C:\Program Files\Summit\certs. A different location may be specified by using the Certs Path global variable.

3.When completing the Credentials screen for the desired authentication, do not check the Use MS store checkbox after checking the Validate server checkbox.

4.Enter the certificate name in the CA Cert text box.

5.Click OK to exit the Credentials screen and then Commit to save the profile changes.

Windows Certificate Store

1.See Generate a Root CA Certificate (page 6-32)and follow the instructions to download the Root Certificate to a PC.

2.To import the certificate into the Windows store, See Install a Root CA Certificate (page 6-34).

3.When completing the Credentials screen for the desired authentication, be sure to check the Use MS store check- box after checking the Validate server checkbox.

4.The default is to use all certificates in the store. If this is OK, skip to the last step.

5.Otherwise, to select a specific certificate click on the Browse (…) button.

6 - 17