Ieee 802.1X Certificates; Certificate File Requirements; Private Key File Requirements - Extron electronics TLI Pro 101 User Manual

IEEE 802.1X Certificates

IEEE 802.1X is a standard that enables port-based network access control via an
authentication server. The protocol requires that all devices must be authenticated before
gaining privileges to access the secure part of the network.
The Extron implementation of 802.1X supports PEAP - MSCHAPV2 and EAP - TLS methods
of authentication. This section of the guide details the Certificate File Requirements and the
Private Key File Requirements to be used in the system.
Extron provides resources for learning about 802.1X implementation:
The Extron 802.1X Technology Reference Guide, available from www.extron.com, is the
primary resource for background information, system planning, topology, and how to set up
these systems.
The Toolbelt Help File provides detailed step-by-step information on using the software to set
up 802.1X for IP Link Pro control systems and on troubleshooting.
The 802.1X Primer white paper, also available from www.extron.com, provides a general
overview of the protocol and its use within a control system.
NOTES:

Certificate File Requirements

PEM (Privacy-enhanced Electronic Mail) file types are ASCII encoded, and they are the required
format for 802.1X authentication for the TouchLink Pro control systems. DER (Distinguished
Encoding Rules) file types are binary encoded and can typically have several file extension
variations, such as .crt and .cer.
NOTE:
DER encoded certificates must be converted to PEM encoding using a third-party tool.
Contact your IT administrator for more information on required tools.
To create the 802.1X security certificate for uploading to Extron TouchLink Pro control systems,
ensure that the certificate file meets the following requirements:
•
•
•
•
•
NOTE:

Private Key File Requirements

Private key files are required only when employing machine certificates. Follow these
requirements for creating a private key:
•
•
•
•
You must run Toolbelt as an administrator.
•
Machine certificates require a private key file, which can be encrypted.
DER encoded files (files with .der, .crt, or .cer extensions that are encoded in
DER binary format) must be converted to a PEM encoded file type (.pem) before being
used for authentication.
It contains X.509 certificate information.
It contains a private key (for machine certificates only).
It is PEM encoded.
It has a file extension that is .crt or .pem
Its file name consists of the following types of valid characters:
Alphanumerical (A-Z, a-z, 0-9) characters
•
Some special characters (colon [:], underscore [_], and hyphen [-])
•
Spaces are not permitted anywhere in the name.
Its file name consists of the following types of valid characters:
Alphanumerical (A-Z, a-z, 0-9) characters
•
Some special characters (colon [:], underscore [_], and hyphen [-])
•
It has a file extension that is .key or .pem.
It can have optional encryption (via password or passphrase).
TLI Pro 101 • Reference Material 33