Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Why this order
The 802.1X EAP-TLS process begins with the supplicant initiating an EAPoL-Start, then the authenticator requests identity. The supplicant responds with an EAP-Response/Identity, the authenticator forwards it to the RADIUS server, and the server requests the client certificate to start the TLS handshake.