Certificates issued and managed via SCEP can be used for purposes such as network authentication.

Relevant options can be found when

  • configuring IEEE 802.1x authentication
    Network>LAN Interfaces>Interface 1>Authentication
  • or when setting up the wireless network
    Network>LAN Interfaces>Wireless>Authentication, WPA Enterprise Encryption, EAP Type TLS.

Distributing the client certificate via the network raises one problem: the same certificate is needed for communication on that network. SCEP can be used in conjunction with 802.1x authentication without problems, provided that the initial request for the certificate is also possible without a certificate.

Enable the 802.1x authentication method after SCEP has been configured.
When requesting the certificate, the client will attempt to establish a connection to the SCEP server without using any authentication. It will use the authentication only after it has received the certificate.

For WLAN connections, a certificate-less method using PSK encryption must first be set up. The client will then use this connection to obtain the certificate. After this, the WLAN connection can be reconfigured.

While the above-mentioned method for Ethernet connections will also function via the UMS, the initial configuration of the WLAN can only be performed on the client as the WLAN is disabled by default.