How to Configure Server Certificate Verification during 802.1x Authentication in IGEL OS 12
You can use registry key configurations for verifying server certificate during 802.1x authentication in wireless and LAN connections in IGEL OS 12.
Example Configuration
If you would like to configure a substring to be matched against the subject of the certificate presented by the authentication server, you can do that through a dedicated registry key:
Configure the network connection under Network > Wireless > Wi-Fi Network or Network > LAN Interfaces for IGEL OS 12 devices. This can be done through a profile, or through local configurations. For details, see Wi-Fi Networks Configuration in IGEL OS 12 and LAN Interfaces in IGEL OS 12 .
In the profile configurator, go to the Search and enable Include Registry.

Start typing the name of the registry key and open the search result under Results in Registry to navigate there in the registry.
For example search for:network.interfaces.wirelesslan.device1.alt_ssid
for authentication through WLANnetwork.interfaces.ethernet.device
for authentication through Ethernet
You can also use the Registry navigation tree to get to the registry keys. Each dot in the registry key marks a level deeper in the tree. For example, for network.interfaces.ethernet.device1
, you need to click through network > interfaces > ethernet > device1.
Find the right instance of the registry key to update. Instances are present for each configured connection. Instances are marked by the numbers in the registry keys, like
device0.alt_ssid1
.
For WLAN, the instance you are looking for is the one where network.interfaces.wirelesslan.device0.alt_ssidX.network_name
contains the right name (SSID).
Fill out the registry key field with the substring.
Useful Registry Keys
You can use the following registry parameters to further configure the 802.1x authentication. You can find them by searching for the registry key as described above.
Subject alternative matches
List of strings separated by ";" to be matched against altSubjectName of the certificate presented by the authentication server, for example DNS:server.example.com
Registry key for WiFi: network.interfaces.wirelesslan.device0.alt_ssid0.wpa.altsubject_matches
Registry key for LAN:network.interfaces.ethernet.device0.ieee8021x.altsubject_matches
Domain match
List of FQDNs separated by ";" to be matched against the certificate presented by the authentication server.
Registry key for WiFi: network.interfaces.wirelesslan.device0.alt_ssid0.wpa.domain_match
Registry key for LAN: network.interfaces.ethernet.device0.ieee8021x.domain_match
Domain suffix match
List of FQDN suffixes separated by ";" to be matched against dNSName elements of the certificate presented by the authentication server.
Registry key for WiFi: network.interfaces.wirelesslan.device0.alt_ssid0.wpa.domain_suffix_match
Registry key for LAN: network.interfaces.ethernet.device0.ieee8021x.domain_suffix_match
Subject match
Substring to be matched against the subject of the certificate presented by the authentication server.
Registry key for WiFi:network.interfaces.wirelesslan.device0.alt_ssid0.wpa.subject_match
Registry key for LAN:nnetwork.interfaces.ethernet.device0.ieee8021x.subject_match
Phase 2 alternative subject matches
List of strings separated by ";" to be matched against altSubjectName of the certificate presented by the authentication server.
Registry key for WiFi: network.interfaces.wirelesslan.device0.alt_ssid0.wpa.phase2_altsubject_matches
Registry key for LAN: network.interfaces.ethernet.device0.ieee8021x.phase2_altsubject_matches
Phase 2 Domain match
List of FQDNs separated by ";" to be matched against the certificate presented by the authentication server during the inner "phase 2" authentication.
Registry key for WiFi: network.interfaces.wirelesslan.device0.alt_ssid0.wpa.phase2_domain_match
Registry key for LAN: nnetwork.interfaces.ethernet.device0.ieee8021x.phase2_domain_match
Phase 2 Domain suffix match
List of FQDN suffixes separated by ";" to be matched against dNSName elements of the certificate presented by the authentication server during the inner "phase 2" authentication.
Registry key for WiFi: network.interfaces.wirelesslan.device0.alt_ssid0.wpa.phase2_domain_suffix_match
Registry key for LAN: network.interfaces.ethernet.device0.ieee8021x.phase2_domain_suffix_match
Phase 2 Subject match
Substring to be matched against the subject of the certificate presented by the authentication server during the inner "phase 2" authentication.
Registry key for WiFi: network.interfaces.wirelesslan.device0.alt_ssid0.wpa.phase2_subject_match
Registry key for LAN: network.interfaces.ethernet.device0.ieee8021x.phase2_subject_match