Using WPA Enterprise / WPA2 Enterprise with TLS Client Certificates

This document describes how to use UMS to configure Wi-Fi connections on IGEL OS with WPA Enterprise / WPA2 Enterprise and TLS client certificates.

There are two options for supplying client certificates and keys to devices:

Via SCEP (NDES)

SCEP allows the automatic provisioning of client certificates via an SCEP server and a certification authority (CA).

Learn how to configure it, using How-To Certificate Enrollment and Renewal with SCEP (NDES).

Via Files Served from UMS

You need:

a client certificate in PEM (base64) format
a client private key (needs to be passphrase-protected) in PEM (base64) format

Alternatively,

a PKCS#12 file containing both client certificate and private key (needs to be passphrase-protected).

In both cases, SCEP and files from UMS, the device needs to have a working Ethernet or Wi-Fi connection to the SCEP server or the UMS first, so that it can fetch the necessary certificates before it can connect to the target Wi-Fi.

How to Deploy Client Certificates and Keys
How to Configure the Network Interface