Description:

This document describes how to create digital certificates with LANCOM Smart Certificate for authenticating 802.1x-based connections.


Requirements:


Procedure:

By using LANCOM Smart Certificate, the digital certificates can be created directly on the LANCOM router or LANCOM WLAN Controller.

1.1) In LANconfig, open the configuration dialog for the LANCOM router and switch to the menu item Certificates → Cert. authority (CA).

For certificates to be created on a LANCOM router or WLAN Controller via Smart Certificate, the device has to operate as a certification authority.

  • If you create the certificates on a WLAN Controller, the certification authority has already been activated, as this is required for the WLAN management functionality of the WLAN Controller.
  • If you want to create certificates on a LANCOM router, the certification authority function of the device must first be activated.

Screenshot of a complex security system configuration interface showing options for certificate authority settings, communication protocols, and system notification preferences.

1.2) In WEBconfig, access the configuration for the LANCOM router and switch to the menu item Setup Wizards → Manage certificates.

Screenshot of a complex network configuration interface displaying various settings including VPN setup, local area network connections, security management options, and more, under the LANCOM system.

1.3) First, create the certificate for the LANCOM router. Click the button Create new certificate to do this.

This image displays a LANCOM Systems management interface for certificates, with a table showing columns like Index, DN, Serial Number, Status, Creation Date, and Profile Name, but currently there are no entries available in the table.

1.4) Set the profile name to TLS-Server.

1.5) In this example, the common name (CN) is set as the company's name. By way of example, the surname (SN) is set to the descriptor Router. The other fields can be filled in as you desire.

1.6) Be sure to password-protect the certificate container.

Image of a LANCOM Systems certificate configuration interface displaying fields for profile name, common name, surname, email, organization name, unit name, locality, state, country, postal code, and certificate validity period, indicating mandatory fields and options for password protection of certificate files.

You can specify which profiles and fields should be displayed in this form in the LANCOM router's configuration with the menu items Certificates → Certificate handling → Profiles and Templates.

A screenshot of a technical configuration interface showing settings for certificates, certificate revocation list parameters, CRL update intervals, OCSP client, and CA web interface options.

1.7) Click the button Enroll (PKCS#12) and give the certificate file a unique file name, if necessary.

Image showing a complex user interface with various file and system management options, including search results, document directories, and network settings.

1.8) The successful download of the certificate file is confirmed by a message.

Image showing a computer interface with a notification of a successful download to the desktop directory.

1.9) If you switch back to Manage certificates, you should see the created certificate in the list.

Screenshot of the LANCOM Systems Manage Certificates interface displaying certificate details such as Index, DN, Serial Number, Status, Creation and Ending Date with options to search and show a specified number of entries per page.

1.10) Create an additional certificate for the Wi-Fi client by clicking on the button Create new certificate once again.

1.11) Set the profile name to TLS-Client.

1.12) In this example, the common name (CN) is set as the company's name. By way of example, the surname (SN) is set to the descriptor Client. The other fields can be filled in as you desire.

1.13) You need to password-protect the certificate container.

Image of a LANCOM Systems certificate enrollment interface displaying fields for profile name, common name, surname, email, organization name, unit name, locality, state, country, postal code, and validity period, with a focus on security and encryption details.

1.14) Click the button Enroll (PKCS#12) and give the certificate file a unique file name, if necessary.

Screenshot of a computer interface displaying various system and file management options including links, roaming settings, network configurations, and control panel access, alongside options for organizing folders and handling personal information exchange file types.

1.15) The successful download of the certificate file is confirmed by a message.

Screenshot of a user interface showing a notification for a successful download to the desktop.

1.16) If you switch back to Manage certificates, you should see the created certificate in the list.

Screenshot of the LANCOM Systems management interface displaying a certificate management page with options to create, revoke, and validate certificates, including details such as serial numbers, status, and expiration dates.

1.17) The certificates should have been created successfully and can now be used for authenticating 802.1x-based connections.
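
The following check is an added example and not part of the original LANCOM article: it uses the OpenSSL command line to confirm that a downloaded PKCS#12 container is password-protected (steps 1.6 and 1.13) and that its subject carries the expected CN and SN before the file is distributed. The function names, the subject values and the passphrase are assumptions, and the sample container is constructed locally from a self-signed certificate so the script runs offline.

```shell
#!/bin/sh
# Check a PKCS#12 container such as the ones downloaded in steps 1.7 and 1.14.

# p12_requires_password FILE
# Succeeds only if FILE cannot be opened with an empty password.
p12_requires_password() {
    ! openssl pkcs12 -in "$1" -passin pass: -noout 2>/dev/null
}

# inspect_p12 FILE PASSWORD
# Prints subject, issuer and validity dates of the end-entity certificate.
# Fails (non-zero exit) if PASSWORD does not open the container.
inspect_p12() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -subject -issuer -dates -nameopt RFC2253
}

# make_sample_p12 PASSWORD
# Constructed sample: a self-signed certificate with CN and SN set the way
# the article's example does, packed into a PKCS#12 file. Prints its path.
make_sample_p12() {
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Company/SN=Client" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
    openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
        -passout "pass:$1" -out "$dir/sample.p12"
    echo "$dir/sample.p12"
}

# Demonstration on the constructed sample (passphrase is a placeholder).
sample=$(make_sample_p12 'constructed-passphrase')
if p12_requires_password "$sample"; then
    echo "container is password-protected"
fi
inspect_p12 "$sample" 'constructed-passphrase'
```

For a real container, call `p12_requires_password` and `inspect_p12` with the path of the file saved from WEBconfig and the password chosen during enrollment.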