You can add certificates from the device's local web interface. Alternatively, you can add certificates by running API commands. To see which commands allow you to add certificates, see roomos.cisco.com .

Service certificates and trusted CAs

Certificate validation may be required when using TLS (Transport Layer Security). A server or client may require that the device presents a valid certificate to them before communication is set up.

The certificates are text files that verify the authenticity of the device. These certificates must be signed by a trusted certificate authority (CA). In order to verify the signature of the certificates, a list of trusted CAs must reside on the device. The list must include all CAs needed in order to verify certificates for both audit logging and other connections.

Certificates are used for the following services: HTTPS server, SIP, IEEE 802.1X, and audit logging. You can store several certificates on the device, but only one certificate is enabled for each service at a time.

Previously stored certificates are not deleted automatically. The entries in a new file with CA certificates are appended to the existing list.

For Wi-Fi connection

We recommend that you add a trusted CA certificate for each Cisco Webex room or desk device or Webex Board, if your network uses WPA-EAP authentication. You must do this individually for each device, and before you connect to Wi-Fi.

To add certificates for your Wi-Fi connection, you need the following files:

• CA certificate list (file format: .PEM)

• Certificate (file format: .PEM)

• Private key, either as a separate file or included in the same file as the certificate (file format: .PEM)

• Passphrase (required only if the private key is encrypted)

The certificate and the private key are stored in the same file on the device.

If authentication fails, the connection will not be established.