Skip to main content
Skip table of contents

How to Configure Server Certificate Verification during 802.1x Authentication in IGEL OS 12

You can use registry key configurations for verifying server certificate during 802.1x authentication in wireless and LAN connections in IGEL OS 12.


Example Configuration

If you would like to configure a substring to be matched against the subject of the certificate presented by the authentication server, you can do that through a dedicated registry key:

  1. Configure the network connection under Network > Wireless > Wi-Fi Network or Network > LAN Interfaces for IGEL OS 12 devices. This can be done through a profile, or through local configurations. For details, see Wi-Fi Networks Configuration in IGEL OS 12 and LAN Interfaces in IGEL OS 12 .

  1. In the profile configurator, go to the Search and enable Include Registry.

image-20250708-175933.png

  1. Start typing the name of the registry key and open the search result under Results in Registry to navigate there in the registry.
    For example search for:

    • network.interfaces.wirelesslan.device1.alt_ssid for authentication through WLAN

    • network.interfaces.ethernet.device for authentication through Ethernet

You can also use the Registry navigation tree to get to the registry keys. Each dot in the registry key marks a level deeper in the tree. For example, for network.interfaces.ethernet.device1, you need to click through network > interfaces > ethernet > device1.

  1. Find the right instance of the registry key to update. Instances are present for each configured connection. Instances are marked by the numbers in the registry keys, like device0.alt_ssid1.

For WLAN, the instance you are looking for is the one where network.interfaces.wirelesslan.device0.alt_ssidX.network_name contains the right name (SSID).

  1. Fill out the registry key field with the substring.

Useful Registry Keys

You can use the following registry parameters to further configure the 802.1x authentication. You can find them by searching for the registry key as described above.

Subject alternative matches

List of strings separated by ";" to be matched against altSubjectName of the certificate presented by the authentication server, for example DNS:server.example.com

Registry key for WiFi: network.interfaces.wirelesslan.device0.alt_ssid0.wpa.altsubject_matches

Registry key for LAN:network.interfaces.ethernet.device0.ieee8021x.altsubject_matches

Domain match

List of FQDNs separated by ";" to be matched against the certificate presented by the authentication server.

Registry key for WiFi: network.interfaces.wirelesslan.device0.alt_ssid0.wpa.domain_match

Registry key for LAN: network.interfaces.ethernet.device0.ieee8021x.domain_match

Domain suffix match

List of FQDN suffixes separated by ";" to be matched against dNSName elements of the certificate presented by the authentication server.

Registry key for WiFi: network.interfaces.wirelesslan.device0.alt_ssid0.wpa.domain_suffix_match

Registry key for LAN: network.interfaces.ethernet.device0.ieee8021x.domain_suffix_match

Subject match

Substring to be matched against the subject of the certificate presented by the authentication server.

Registry key for WiFi:network.interfaces.wirelesslan.device0.alt_ssid0.wpa.subject_match

Registry key for LAN:nnetwork.interfaces.ethernet.device0.ieee8021x.subject_match

Phase 2 alternative subject matches

List of strings separated by ";" to be matched against altSubjectName of the certificate presented by the authentication server.

Registry key for WiFi: network.interfaces.wirelesslan.device0.alt_ssid0.wpa.phase2_altsubject_matches

Registry key for LAN: network.interfaces.ethernet.device0.ieee8021x.phase2_altsubject_matches

Phase 2 Domain match

List of FQDNs separated by ";" to be matched against the certificate presented by the authentication server during the inner "phase 2" authentication.

Registry key for WiFi: network.interfaces.wirelesslan.device0.alt_ssid0.wpa.phase2_domain_match

Registry key for LAN: nnetwork.interfaces.ethernet.device0.ieee8021x.phase2_domain_match

Phase 2 Domain suffix match

List of FQDN suffixes separated by ";" to be matched against dNSName elements of the certificate presented by the authentication server during the inner "phase 2" authentication.

Registry key for WiFi: network.interfaces.wirelesslan.device0.alt_ssid0.wpa.phase2_domain_suffix_match

Registry key for LAN: network.interfaces.ethernet.device0.ieee8021x.phase2_domain_suffix_match

Phase 2 Subject match

Substring to be matched against the subject of the certificate presented by the authentication server during the inner "phase 2" authentication.

Registry key for WiFi: network.interfaces.wirelesslan.device0.alt_ssid0.wpa.phase2_subject_match

Registry key for LAN: network.interfaces.ethernet.device0.ieee8021x.phase2_subject_match

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.