EAP-TLS, utilizing client certificates rather than passwords, is the most secure form of 802.1X authentication. The classic issue with EAP-TLS, which led to the development of PEAP and TTLS, is that it requires a client certificate on every machine. This used to be a management nightmare, but now XpressConnect automates the client certificate process for a wide array of managed and unmanaged device types.

XpressConnect has the ability to interact with your Certificate Authority (CA) server to authenticate the user (and/or device) and retrieve a client certificate. Whether you use Microsoft CA or a home-grown CA, XpressConnect provides a drop-in vehicle for extending EAP-TLS to Windows, Mac, Ubuntu, iOS, and Android devices.

During the client certificate generation process, the client's private key never leaves the device, maximizing the security of the certificate. During the issuing process, XpressConnect can provide extensive device and user-related information upon which the CA may decide to issue a certificate or deny the request. Once a certificate is issued, XpressConnect will automatically install it and configure the WPA2-Enterprise SSID to utilize it.

As always, XpressConnect allows you to mix and match your configurations to match your policies. Whether EAP-TLS is deployed as the only access mechanism or as an option alongside PEAP or TTLS, XpressConnect will ensure the device is successfully connected to the secure wireless network in a simple and fool-proof manner.

If you believe EAP-TLS is inherently difficult, request a demo and we will show you how simple EAP-TLS can be.