Using the Badge Properties Editor / Setting Security Properties
Learn how to configure Vocera Badges using certificates for authentication
The badge supports EAP-Transport Layer Security (EAP-TLS), which provides excellent security by relying on client- and server-side certificates. EAP-TLS is an IETF open standard and is universally supported by WLAN vendors. It provides strong security by requiring both the badge and an authentication server to prove their identities via public key cryptography, using digital certificates. The EAP-TLS exchange is encrypted in a TLS tunnel, making it resistant to dictionary attacks.
To simplify EAP-TLS configuration, Vocera supplies client- and server-side EAP-TLS certificates called Vocera Manufacturer Certificates. To use Vocera Manufacturer Certificates, uncheck the Use Custom EAP-TLS Certificates box. You can also generate your own self-signed certificates or obtain them from a trusted Certificate Authority (CA).
If you are implementing EAP-TLS, you will need to install certificates on one of the following authentication servers:
The Security properties you need to specify for EAP-TLS vary depending on whether you choose to use Vocera Manufacturer Certificates or custom EAP-TLS certificates.
| Using Vocera Manufacturer Certificates | Using Custom EAP-TLS Certificates |
|---|---|
| Authentication = EAP-TLS | Authentication = EAP-TLS |
| Use Custom EAP-TLS Certificates = unchecked | Use Custom EAP-TLS Certificates = checked |
| | User Name = Username created on the authentication server |
| | Client Key Password = Password used to encrypt the client key |
| Encryption = TKIP-WPA or AES-CCMP | Encryption = TKIP-WPA or AES-CCMP |
For information about configuring EAP-TLS for Cisco ACS, see the Vocera Infrastructure Planning Guide.
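
As an added example (not from Vocera's documentation), the following shell script generates a throwaway CA and a client certificate whose private key is encrypted with a passphrase, the value the Client Key Password property refers to. It then checks that the key is stored encrypted, that the passphrase decrypts it, that the certificate belongs to the key, and that the certificate chains to the CA. File names, subject names, the RSA-2048 key size and the PEM format are assumptions; this page does not state the formats the badge or the authentication server require.

```shell
#!/bin/sh
# Added example: build a throwaway CA and client certificate, then run the
# checks worth doing before loading custom EAP-TLS material onto a device.
# All names, the RSA-2048 size and the PEM layout are assumptions, not Vocera's.

# make_test_pki DIR PASSWORD: constructed CA plus a client key encrypted
# under PASSWORD (the value that would go in "Client Key Password").
# The passphrase is passed via the environment, not argv, to keep it out of ps.
make_test_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    KEYPASS=$2 openssl genrsa -aes256 -passout env:KEYPASS \
        -out "$d/client.key" 2048 2>/dev/null &&
    KEYPASS=$2 openssl req -new -key "$d/client.key" -passin env:KEYPASS \
        -subj "/CN=example-badge-user" -out "$d/client.csr" &&
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -set_serial 1 -days 30 -out "$d/client.pem" 2>/dev/null
}

# check_client_material DIR PASSWORD
# returns 0 ok, 1 key stored unencrypted, 2 password does not decrypt the key,
#         3 certificate does not belong to the key,
#         4 certificate does not chain to the CA
check_client_material() {
    d=$1
    grep -q ENCRYPTED "$d/client.key" || return 1
    KEYPASS=$2 openssl pkey -in "$d/client.key" -passin env:KEYPASS \
        -noout 2>/dev/null || return 2
    key_pub=$(KEYPASS=$2 openssl pkey -in "$d/client.key" -passin env:KEYPASS -pubout)
    cert_pub=$(openssl x509 -in "$d/client.pem" -noout -pubkey)
    [ "$key_pub" = "$cert_pub" ] || return 3
    openssl verify -CAfile "$d/ca.pem" "$d/client.pem" >/dev/null 2>&1 || return 4
    return 0
}

# Demo on constructed material in a temporary directory.
demo=$(mktemp -d)
make_test_pki "$demo" 'constructed-passphrase' &&
    check_client_material "$demo" 'constructed-passphrase' &&
    echo "client key, certificate and CA are consistent"
```

The distinct return codes make it easy to tell a wrong Client Key Password (2) apart from a certificate issued by a different CA than the one installed on the authentication server (4).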