Using WPA Enterprise / WPA2 Enterprise with TLS Client Certificates

This document describes how to use UMS to configure WiFi connections on IGEL OS with WPA Enterprise / WPA2 Enterprise and TLS client certificates.

There are two options for supplying client certificates and keys to endpoint devices:

Via SCEP (NDES)

SCEP allows the automatic provisioning of client certificates via an SCEP server and a certification authority (CA).

Learn how to configure it, using How-To Certificate Enrollment and Renewal with SCEP (NDES).

Via Files Served from UMS

You need:

  • a client certificate in PEM (base64) format
  • a client private key (needs to be passphrase-protected) in PEM (base64) format

Alternatively,

  • a PKCS#12 file containing both client certificate and private key (needs to be passphrase-protected).


    In both cases, SCEP and files from UMS, the device needs to have a working Ethernet or WiFi connection to the SCEP server or the UMS first, so that it can fetch the necessary certificates, before it can connect to the target WiFi.


Last update: April 9, 2019