You can manage the EAP-TLS certificates either by generating your own self-signed
certificates or obtaining certificates from a trusted Certificate Authority (CA) such as
Microsoft Certificate Authority.
To configure your authentication server for EAP-TLS using external certificates, perform
the following:
- Generate the new EAP-TLS certificates.
  Note: Record the password used to encrypt the client key. You will need to enter this password for the Client Key Password property.
- Download the server certificates to your authentication server.
- Copy the Root CA certificate, the client certificate, and the client key to the vocera\config\gen3\badge\res\certificates\EAP-TLS and vocera\config\gen5\badge\data\res\certificates\EAP-TLS folders for B3000n and V5000 respectively, on the Vocera Voice Server and the configuration computer.
  Note: The certificates for the device must be in PEM format.
- Rename the files with the following names:
  - rootca_cert: The root CA certificate
  - client_cert: The client certificate
  - client_key: The client key
- Add a username to your authentication server database that the badges will use for authentication. Choose any password for this user.
- Run the Badge Properties Editor on the configuration computer.
- For B3000 and B3000n, click Security, and specify the following badge properties:
- For V5000, click Security, and specify the following badge properties:
- Save the badge.properties file, and copy it to your Vocera Voice Server computers.
- Stop and start the Vocera Voice Server.
  Vocera devices are automatically updated, and are authenticated with the authentication server.
Note: To use a unique certificate for the device, use the certificate generation tool that is provided with the BCU.
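A preflight check for the certificate folder described in the steps above, as an added example (not Vocera code): it confirms that the three renamed files exist, are PEM-armored, and that the client key is password-encrypted. It inspects the PEM armor only and does not parse certificates or verify the chain; accepting a file extension after the required name is an assumption, and the sample files are constructed.

```python
import base64
import re
import tempfile
from pathlib import Path

# Names from the rename step, mapped to the PEM labels accepted for each file.
KEY_LABELS = {"ENCRYPTED PRIVATE KEY", "PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}
EXPECTED = {"rootca_cert": {"CERTIFICATE"}, "client_cert": {"CERTIFICATE"}, "client_key": KEY_LABELS}
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def key_is_encrypted(label, body):
    # PKCS#8 encrypted keys have their own label; legacy keys carry a Proc-Type header.
    return label == "ENCRYPTED PRIVATE KEY" or b"Proc-Type: 4,ENCRYPTED" in body

def check_folder(folder):
    """Return a list of problems found in an EAP-TLS certificate folder."""
    problems = []
    for name, labels in EXPECTED.items():
        # Assumption: a file extension, if present, is kept after the rename.
        matches = [p for p in sorted(Path(folder).iterdir()) if p.stem == name]
        if not matches:
            problems.append(f"{name}: missing")
            continue
        m = PEM_RE.search(matches[0].read_bytes())
        if m is None:
            problems.append(f"{name}: not PEM (DER or other binary encoding?)")
            continue
        label, body = m.group(1).decode(), m.group(2)
        if label not in labels:
            problems.append(f"{name}: unexpected PEM block '{label}'")
        elif name == "client_key" and not key_is_encrypted(label, body):
            problems.append(f"{name}: private key is not password-encrypted")
    return problems

def demo():
    # Constructed sample folder: the base64 payload is filler, not real certificates or keys.
    filler = base64.b64encode(b"constructed sample, not a real certificate or key")
    def pem(label):
        return b"-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, filler, label)
    with tempfile.TemporaryDirectory() as d:
        Path(d, "rootca_cert").write_bytes(b"\x30\x82\x03\x00" + filler)  # DER-like binary
        Path(d, "client_cert").write_bytes(pem(b"CERTIFICATE"))
        Path(d, "client_key").write_bytes(pem(b"RSA PRIVATE KEY"))  # no encryption header
        return check_folder(d)

if __name__ == "__main__":
    print("\n".join(demo()) or "OK")
```

Run `check_folder` against each of the two EAP-TLS folders on the Vocera Voice Server and the configuration computer before editing the badge properties; an empty list means the files passed these checks.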