You can add certificates from the devices local Advanced Settings page.

You can also add certificates through the API. For more information on how to do that, see the latest version of the API guide.

To add certificates for your Wi-Fi connection, you need the following files:

  • CA certificate list (file format: .PEM)

  • Certificate (file format: .PEM)

  • Private key, either as a separate file or included in the same file as the certificate (file format: .PEM)

  • Passphrase (required only if the private key is encrypted)

The certificate and the private key are stored in the same file on the device.

Service Certificates and Trusted CAs

Certificate validation may be required when using TLS (Transport Layer Security). A server or client may require that the device presents a valid certificate to them before communication is set up.

The certificates are text files that verify the authenticity of the device. These certificates must be signed by a trusted certificate authority (CA). In order to verify the signature of the certificates, a list of trusted CAs must reside on the device. The list must include all CAs needed in order to verify certificates for both audit logging and other connections.

Certificates are used for the following services: HTTPS server, SIP, IEEE 802.1X, and audit logging. You can store several certificates on the device, but only one certificate is enabled for each service at a time.

If authentication fails, the connection will not be established.

Previously stored certificates are not deleted automatically. The entries in a new file with CA certificates are appended to the existing list.


From the customer view in https:/​/​, go to the Devices page, and select your device in the list. Scroll down the device details pane and click Launch Web Portal.

If you have set up a local Admin user on the device, you can access the web interface directly by opening a web browser and typing in http(s)://<endpoint ip or hostname>.


Navigate to Security > Certificate Authorities and upload your CA root certificate(s).


On openssl, generate a private key and certificate request. Copy the content of the certificate request. Then paste it to request the server certificate from your certificate authority (CA).


Download the server certificate signed by your CA. Ensure that it is in .PEM format.


Navigate to Security > Service Certificates and upload the private key and the server certificate. Click Add certificate….


Enable 802.1x for the certificate you just added.