Configuring Wi-Fi Security Using Certificate-based Authentication

To configure a Wi-Fi network using certificate-based authentication (EAP-TLS), administrators must first load the required certificates into the device. This includes the client certificate and its associated private key. Certificates can be loaded either manually or via provisioning, using the following parameters:

security/device_certificate_url=
security/device_private_key_url=
security/CA certificate/0/uri=

Once the certificates are loaded, the administrator can configure a secure Wi-Fi connection via the user interface under Wi-Fi menu > Add Network (see Manually Connecting to a Wi-Fi Network).

To use EAP-TLS for authentication, configure the following parameters:

network/wireless/eap_method=TLS
network/wireless/ca_cert=
network/wireless/client_cert=

➢

Example Configuration

The following is an example of the Wi-Fi configuration using EAP-TLS:

network/wireless/ssid=RAX10-2.4G-5G
network/wireless/security=802.1x_EAP
network/wireless/eap_method=TLS
network/wireless/phase2_method=NONE
network/wireless/ca_cert=SYSTEM
network/wireless/domain=Cisco
network/wireless/client_cert=USRPKEY_device_crt
network/wireless/identity=ipp