Home » Wi-Fi networks and VPN networks » Configuring encryption and authentication methods for Wi-Fi enabled BlackBerry devices

Configuring EAP-TTLS authentication

If your organization implements EAP-TTLS authentication, Wi-Fi enabled BlackBerry devices must authenticate to an authentication server so that they can connect to the enterprise Wi-Fi network.

EAP-TTLS authentication requires that BlackBerry devices trust the authentication server certificate. To trust the authentication server certificate, BlackBerry devices must trust the certificate authority that issued the certificate. A certificate authority that the BlackBerry devices and the authentication server trust mutually must generate the authentication server certificate.

Each BlackBerry device stores a list of explicitly trusted certificate authority certificates. BlackBerry devices that use EAP-TTLS authentication require the root certificate for the certificate authority that created the authentication server certificate.

To distribute the root certificate to BlackBerry devices, you can use the certificate synchronization tool in BlackBerry Desktop Manager or you can enroll the certificate over the wireless network.

For more information about how the BlackBerry Enterprise Solution supports EAP-TTLS authentication, see the BlackBerry Enterprise Server Security Technical Overview.