• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 413
  • Last Modified:

Using EAP for WPA2 Enterprise access

Hi All

I'm trying to learn about EAP and how it works with WPA2 Enterprise in terms of securing the authentication mechanism.

I had some questions:

1. Would I be correct in saying, as mentioned in another of my questions, that with WPA2 Authentication, EAP is a form of securiing the authentication mechanism. This can be via certificates (e.g. EAP TLS) or pre-shared keys (EAP-PSK)/

2. With EAP-TLS, how are the certificates generated and how are they installed on the client?

0
Joe_Budden
Asked:
Joe_Budden
2 Solutions
 
jesajaCommented:
1. yes EAP is a authentication methode  EAP-TLS is certificate based and EAP-PSK pre-shared based


2. for example certificates can be deployed automatically to users within a AD using an Enterprise CA (Autoenrollmend) or  installed on the client manually, or certificates on smart cards
0
 
RikeRCommented:
1. EAP is only a framework for authentication, not a specific authentication mechanism. The security therefore is different in each implementation. The most secure is EAP-TLS which uses client certificates.

2. You need an PKI to distribute certificates. You can for example use TinyCA2 for generating the certificates. These can be exported in e.g. PKCS#12 format which are readable to most operating systems, including smartphones. Using Windows you can just double-click the PKCS#12 file and automatically it will get installed.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now