Using WPA Enterprise / WPA2 Enterprise with TLS Client Certificates

This document describes how to use UMS to configure WiFi connections on IGEL OS with WPA Enterprise / WPA2 Enterprise and TLS client certificates.

There are two options for supplying client certificates and keys to endpoint devices:

Via SCEP (NDES)

SCEP allows the automatic provisioning of client certificates via an SCEP server and a certification authority (CA).

Learn how to configure it in the SCEP Best Practice document.

Via Files Served from UMS

You need:

  • a client certificate in PEM (base64) format
  • a client private key (needs to be passphrase-protected) in PEM (base64) format

Alternatively:

  • a PKCS#12 file containing both the client certificate and the private key (needs to be passphrase-protected)
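
A pre-upload check for the PEM requirements listed above, given as an added example that is not part of IGEL's documentation or tooling: it confirms that the certificate file holds a PEM certificate and that the key file holds a passphrase-protected key, in either PKCS#8 or legacy OpenSSL form. The function names and sample data are assumptions made for illustration. The check reads only the PEM armor and headers, so it does not prove the key matches the certificate, and it does not cover PKCS#12 files.

```python
import base64
import re

# One PEM block: BEGIN line, optional headers, base64 body, matching END line.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_pem(text):
    """Return (label, status) for every PEM block found in text."""
    results = []
    for label, inner in PEM_BLOCK.findall(text):
        lines = [l.strip() for l in inner.strip().splitlines()]
        headers = [l for l in lines if ":" in l]   # e.g. Proc-Type, DEK-Info
        body = "".join(l for l in lines if l and ":" not in l)
        try:
            base64.b64decode(body, validate=True)
        except ValueError:                          # binascii.Error is a ValueError
            results.append((label, "invalid-base64"))
            continue
        if label == "CERTIFICATE":
            status = "certificate"
        elif label == "ENCRYPTED PRIVATE KEY":      # PKCS#8, encrypted
            status = "encrypted-key"
        elif label.endswith("PRIVATE KEY"):         # PKCS#8 plain or legacy RSA/EC
            legacy_enc = any(h.replace(" ", "").startswith("Proc-Type:4,ENCRYPTED") for h in headers)
            status = "encrypted-key" if legacy_enc else "unencrypted-key"
        else:
            status = "other"
        results.append((label, status))
    return results

def upload_problems(cert_pem, key_pem):
    """List reasons the pair does not meet the requirements stated above."""
    problems = []
    if "certificate" not in [s for _, s in classify_pem(cert_pem)]:
        problems.append("no PEM certificate found")
    key_status = [s for _, s in classify_pem(key_pem) if s.endswith("-key")]
    if not key_status:
        problems.append("no PEM private key found")
    elif "unencrypted-key" in key_status:
        problems.append("private key is not passphrase-protected")
    return problems

def sample_pem(label, headers=""):
    # Constructed sample: the body is placeholder bytes, not real key material.
    body = base64.b64encode(b"constructed placeholder, not key material").decode()
    return f"-----BEGIN {label}-----\n{headers}{body}\n-----END {label}-----\n"

SAMPLE_CERT = sample_pem("CERTIFICATE")
SAMPLE_LEGACY_ENC = sample_pem("RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n")
SAMPLE_PLAIN = sample_pem("PRIVATE KEY")
```

An empty list from `upload_problems` means both files have the expected form; any returned string names the requirement that is not met.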


In both cases (SCEP and files served from UMS), the device first needs a working Ethernet or WiFi connection to the SCEP server or the UMS, so that it can fetch the necessary certificates before it connects to the target WiFi.

_____

Last update: July 26, 2018