Installing the BCU for EAP-TLS with Unique Certificates

Vocera recommends that you use OpenSSL to convert certificates from one format to another since the badges recognize PEM files rather than PFX. After you complete the manual configuration steps, and while running the BCU, the BCU uses OpenSSL to convert the files.

Prerequisite: Install the Badge Configuration Utility available with Vocera Voice Server or from Technical Support. For information about using the Badge Configuration Utility, refer to Using the Badge Configuration Utility.

To install OpenSSL on the dedicated BCU computer:
  1. Download and install the latest version (Win32 OpenSSL v1.0.2f) of OpenSSL. For example, http://slproweb.com/products/Win32OpenSSL.html.
  2. Proceed through the OpenSSL installation, accepting all the defaults. If a message appears stating that Visual C++ 2008 is required, exit the OpenSSL installation and download Visual C++ 2008 from this link: https://www.microsoft.com/en-in/download/details.aspx?id=29.
  3. After OpenSSL is installed, update openssl path in the enviornment variable.
  4. Place all client certificates (.pfx files) into the following folder: %vocera_drive%\vocera\config\certs\files.
    Note: Each certificate must contain the MAC address of the corresponding device. This allows the BCU to determine the corresponding device. The MAC address can be written in a number of formats:
    • 00-09-ef-01-02-03.pfx
    • 0009ef010203.pfx
    • Mchapman_0009EF01ABCD.pfx

    Incomplete MAC addresses result in an error.

  5. For B3000n navigate to %vocera_drive%\vocera\config\gen3\badge\res\certificates\EAP-TLS. For V5000 navigate to %vocera_drive%\vocera\config\gen5\badge\data\res\certificates\EAP-TLS.
  6. Create two empty files named client_key and client_cert. Ensure that there is no extension on the filename.
  7. Obtain the root CA certificate rootca.pem, and rename to rootca_cert. Ensure that there is no extension on the filename.
  8. Copy all the three files and paste them to the following locations: %vocera_drive%\vocera\config\<gen3\gen3n\gen5>\badge\res\certificates\EAP-TLS. For V5000 %vocera_drive%\vocera\config\gen5\badge\data\res\certificates\EAP-TLS.