Using WPA Enterprise / WPA2 Enterprise with TLS Client Certificates

This document describes how to use UMS to configure WiFi connections on IGEL OS with WPA Enterprise / WPA2 Enterprise and TLS client certificates.

There are two options for supplying client certificates and keys to endpoint devices:

Via SCEP (NDES)

SCEP allows the automatic provisioning of client certificates via an SCEP server and a certification authority (CA).

Learn how to configure it under Certificate Enrollment and Renewal with SCEP (NDES).

Via Files Served from UMS

You need:

a client certificate in PEM (base64) format
a client private key (needs to be passphrase-protected) in PEM (base64) format

Alternatively,

a PKCS#12 file containing both client certificate and private key (needs to be passphrase-protected)

In both cases, SCEP and Files from UMS, the device needs to have a working Ethernet or WiFi connection to the SCEP server or the UMS first, so that it can fetch the necessary certificates, before it can connect to the target WiFi.

_____

Download PDF

Using WPA Enterprise / WPA2 Enterprise with TLS Client Certificates

Via SCEP (NDES)

Via Files Served from UMS

Cookie Notice