Using Vocera Manufacturer Certificates

You can use the Vocera Manufacturer Certificates (VMC) if you do not want to manage EAP-TLS certificates for B3000n, and V5000 devices. Vocera Manufacturer Certificates are provided for client and server certificates.

Vocera Manufacturer Certificates use 2048-bit RSA keys, which provide excellent security for enterprise and conform to industry standards and National Institute of Standards and Technology (NIST) recommendations.

Vocera devices are preconfigured with EAP-TLS client certificates. It is automatically downloaded from the Vocera Voice Server or the configuration computer. However, you need to install Vocera server certificates on your authentication server.

Note: To obtain the new VMC, contact Vocera Technical Support.

To configure your authentication server for EAP-TLS using Vocera Manufacturer Certificates, perform the following:

Locate the following client certificates at\vocera\config\<gen3\gen3n\gen5>\badge\res\certificates\EAP-TLS\vi.
The following certificates are present:
- c_p―Root CA certificate.
- a_d―Client certificate.
- b_p―Client key.
Install all the mentioned certificates and configure the EAP-TLS part of your authentication server.
Add a username named Vocera Manufacturer Certificate Client to your authentication server database.
The name must match; otherwise, authentication fails. Choose any password for this user.
Run the Badge Properties Editor on the configuration computer.
For B3000n, click Security, and specify the following badge properties:
- Authentication—EAP-TLS
- Use Custom EAP-TLS Certificates—unchecked
- Encryption—TKIP-WPA or AES-CCMP
For V5000, click Security, and specify the following badge properties:
- Authentication—WPA-EAP
- EAP Method—TLS
- Use Custom EAP-TLS Certificates—unchecked
- Encryption—CCMP or TKIP
Save the badge.properties file and copy it to your Vocera Voice Server computer.
Stop and start the Vocera Voice Server.
Vocera devices are automatically updated and are authenticated with the authentication server.