Configuring EAP-TTLS authentication

If your organization implements EAP-TTLS authentication, Wi-Fi enabled devices must authenticate to an authentication server so that they can connect to the enterprise Wi-Fi network.

EAP-TTLS authentication requires that devices trust the authentication server certificate. To trust the authentication server certificate, devices must trust the certification authority that issued the certificate. A certification authority that the devices and the authentication server trust mutually must generate the authentication server certificate.

Each device stores a list of explicitly trusted certification authority certificates. Devices that use EAP-TTLS authentication require the root certificate for the certification authority that created the authentication server certificate.

To distribute the root certificate to devices, you can use the certificate synchronization tool in BlackBerry Desktop Software or you can enroll the certificate over the wireless network.