Ieee 802.1X Certificates; Certificate File Requirements - Extron electronics IP Link Pro xi IPL EXP I/O Series User Manual

IEEE 802.1X Certificates

IEEE 802.1X is a standard that enables port-based network access control via an
authentication server. The protocol requires that all devices must be authenticated before
gaining privileges to access the secure part of the network.
The Extron implementation of 802.1X supports PEAP - MSCHAPV2 and EAP - TLS
methods of authentication. This section of the guide details the requirements for any
certificate file
used in the system.
Extron provides resources for learning about 802.1X implementation:
•
•
•
NOTES:

Certificate File Requirements

PEM (Privacy-enhanced Electronic Mail) file types are ASCII encoded, and they are the
required format for 802.1X authentication for the control processors. DER (Distinguished
Encoding Rules) file types are binary encoded and can typically have several file extension
variations, such as .crt and .cer.
NOTE: DER encoded files (files with .der, .crt, or .cer extensions that are encoded in
DER encoded certificates must be converted to PEM encoding using a third-party tool.
Contact your IT administrator for more information on required tools.
To create the 802.1X security certificate for uploading to Extron control processors, ensure
that the certificate file meets the following requirements:
•
•
•
•
•
(machine or CA) and the
The Extron 802.1X Technology Reference Guide, available from www.extron.com, is
the primary resource for background information, system planning, topology, and how
to set up these systems.
The Toolbelt Help file provides detailed step-by-step information on using the software
to set up 802.1X for IP Link Pro control systems and on troubleshooting.
The 802.1X Primer white paper, also available from www.extron.com, provides a
general overview of the protocol and its use within a control system.
• You must run Toolbelt as an administrator.
• Machine certificates require a private key file, which can be encrypted.
DER binary format) must be converted to a PEM encoded file type (.pem) before being
used for authentication.
It contains X.509 certificate information.
It contains a private key (for machine certificates only).
It is PEM encoded.
It has a file extension that is .crt or .pem
Its file name consists of the following types of valid characters:
• Alphanumerical (A-Z, a-z, 0-9) characters
• Some special characters (colon [ : ], underscore [ _ ], and hyphen [ - ])
NOTE: Spaces are not permitted anywhere in the name.
private key file (for the machine certificate) to be
IPL EXP I/O Series • Reference Information 40