TLP Pro x25 Series and TLS x25 Series • Reference Material 41
IEEE 802.1X Certificates
IEEE 802.1X is a standard that enables port-based network access control via an authentication server. The
protocol requires that all devices must be authenticated before gaining privileges to access the secure part of the
network.
The Extron implementation of 802.1X supports PEAP - MSCHAPV2 and EAP - TLS methods of authentication.
This section of the guide details the “Certificate File Requirements” and the “Private Key File Requirements” to be
used in the system (see below).
Extron provides resources for learning about 802.1X implementation:
The Extron 802.1X Technology Reference Guide, available from www.extron.com, is the primary resource for
background information, system planning, topology, and how to set up these systems.
The Toolbelt Help file provides detailed step-by-step information on using the software to set up 802.1X for IP Link
Pro control systems and on troubleshooting.
The 802.1X Primer white paper, also available from www.extron.com, provides a general overview of the
protocol and its use within a control system.
NOTES:
• You must run Toolbelt as an administrator.
• Machine certificates require a private key file, which can be encrypted.
Certificate File Requirements
PEM (Privacy-enhanced Electronic Mail) file types are ASCII encoded, and they are the required format for 802.1X
authentication for the TouchLink Pro control systems. DER (Distinguished Encoding Rules) file types are binary
encoded and can typically have several file extension variations, such as .crt and .cer.
NOTE: DER encoded files (files with .der, .crt, or .cer extensions that are encoded in DER binary format)
must be converted to a PEM encoded file type (.pem) before being used for authentication.
DER encoded certificates must be converted to PEM encoding using a third-party tool. Contact your IT administrator
for more information on required tools.
To create the 802.1X security certificate for uploading to Extron TouchLink Pro control systems, ensure that the
certificate file meets the following requirements:
• It contains X.509 certificate information.
• It contains a private key (for machine certificates only).
• It is PEM encoded.
• It has a file extension that is .crt or .pem
• Its file name consists of the following types of valid characters:
• Alphanumerical (A-Z, a-z, 0-9) characters
• Some special characters (colon [:], underscore [_], and hyphen [-])
NOTE: Spaces are not permitted anywhere in the name.
Private Key File Requirements
Private key files are required only when employing machine certificates. Follow these requirements for creating a
private key:
• Its file name consists of the following types of valid characters:
• Alphanumerical (A-Z, a-z, 0-9) characters
• Some special characters (colon [:], underscore [_], and hyphen [-])
• It has a file extension that is .key or .pem.
• It can have optional encryption (via password or passphrase).
To Next Page
Loading...