This document describes some preliminary steps that are required before you use EAP-TLS certificates with LANCOM WLAN controllers.
One possible application made feasible by using EAP-TLS certificates in WLCs is the implementation of certificate-based WLAN connections according to IEEE 802.1X.
Without the settings described in the following, the EAP-TLS certificate uploaded to the WLAN controller will be overwritten by a certificate created by the WLC every time the device reboots.
1) Before you upload an EAP-TLS certificate to a LANCOM WLC, you must first open the configuration of the WLC in LANconfig and, in the menu Certificates -> SCEP client, click the Certificate table button and delete the RADIUS certificate listed there.
2) Write the modified configuration back to the LANCOM WLC.
3) With the mouse cursor, right-click on the LANCOM WLC and select the option Configuration management -> Upload a certificate or file....
4) Set the path to the EAP-TLS certificate file and choose the following parameters:
- File type: Certificate files
- Certificate type: EAP-TLS - container as PKCS#12 file
- Password: Here you enter a password to protect the certificate file.
5) To check whether the uploaded EAP-TLS certificate is actually being used, you can open a Telnet or SSH session to the LANCOM WLC and enter the command show eap at the command prompt.