Using Vocera Manufacturer Certificates

You can use the Vocera Manufacturer Certificates if you do not want to manage EAP-TLS certificates for Vocera B3000n and B3000 badges. Vocera Manufacturer Certificates is provided for client and server certificates.

Vocera Manufacturer Certificates use 2048-bit RSA keys, which provide excellent security for enterprise and conform to industry standards and National Institute of Standards and Technology (NIST) recommendations.

B3000n and B3000 badges are preconfigured with EAP-TLS client certificates. They are automatically downloaded from the Vocera Voice Server or the configuration computer. However, you need to install Vocera server certificates on your authentication server.

Note: Vocera Manufacturer Certificates are not pre-installed on smartphones with VCS installed . If you want to use EAP-TLS authentication on smartphones, you need to either obtain certificates from a trusted CA, or generate your own certificates.

To configure your authentication server for EAP-TLS using Vocera Manufacturer Certificates, perform the following:

  1. Locate the following server certificates in the \VS\certificates\EAP-TLS folder on the Vocera DVD:
    File Description

    vmc_rootca_cert.pem

    This file is a root CA certificate.

    server_cert.pem

    This file is a server certificate.

    server_key.pem

    This file is a server private key.

  2. Install all of the above certificates and configure the EAP-TLS part of your authentication server.
  3. Add a username named Vocera Manufacturer Certificate Client to your authentication server database.
    The name must match, otherwise authentication will fail. Choose any password for this user.
  4. Run the Badge Properties Editor on the configuration computer.
  5. Click Security, and specify the following B3000n and B3000 badge properties:
    • Authentication—EAP-TLS

    • Use Custom EAP-TLS Certificates—unchecked

    • Encryption—TKIP-WPA or AES-CCMP

  6. Save the badge.properties file and copy it to your Vocera Voice Server computers.
  7. Stop and start the Vocera Voice Server.
    B3000n and B3000 badges are automatically updated, and are authenticated with the authentication server.