(new related group 1)

Deploying Client Certificates and Keys

Voriges Thema

Nächstes Thema

Configuring the Network Interface

This describes how to configure the WiFi interface.

In both cases, SCEP and files from UMS, the device needs to have a working Ethernet or WiFi connection to the SCEP server or the UMS first, so that it can fetch the necessary certificates, before it can connect to the target WiFi.

Using SCEP (NDES)

  1. In Setup go to Network > LAN Interfaces > Wireless.
  2. Check Activate Wireless Interface.
  3. Go to Default WiFi-network.
  4. Select Enable WPA Encryption.
  5. Enter the Wireless Network Name (SSID).
  6. Select WPA Enterprise or WPA2 Enterprise according to your preferences.
  7. Set EAP Type to TLS

    or set EAP Type to PEAP and Auth Method to TLS.

    IGEL OS supports both EAP-TLS and PEAP-EAP-TLS. Choose one that is supported by your infrastructure.

  8. Leave Validate Server Certificate enabled.
  9. Enter the path to a CA Root Certificate if you use a CA other than those supported by IGEL OS.
  10. Check Manage Certificates with SCEP (NDES).
  11. Click Save.

Using Certificate and Key Files

  1. In Setup go to Network > LAN Interfaces > Wireless.
  2. Check Activate Wireless Interface.
  3. Go to Default Wi-Fi network.
  4. Select Enable WPA Encryption.
  5. Enter the Wireless Network Name (SSID).
  6. Select WPA Enterprise or WPA2 Enterprise according to your preferences.
  7. Set EAP Type to TLS

    or set EAP Type to PEAP and Auth Method to TLS

    IGEL OS supports both EAP-TLS and PEAP-EAP-TLS. Choose one that is supported by your infrastructure.

  8. Leave Validate Server Certificate enabled. Enter the path to a CA Root Certificate if you use a CA other than those supported by IGEL OS.
  9. Enter the path to the Client Certificate file in PEM (base64) format, e.g. /wfs/wpa-tls/client.crt.

    Leave this field blank if you use a PKCS#12 file containing both certificate and private key.

  10. Enter the path to the Private Key file in PEM (base64) format.

    If you use a PKCS#12 file containing both certificate and private key, enter its path here.

  11. Specify the Identity to be used if your key/certificate contains more than one entry.
  12. Enter the Private Key Password.
  13. Click Save.