Document Reference: X-0036-01-07 Cadmus & Ratifi Operating Manual
Drawn: 13/11/2020
Page 30 of 66
1.13.11
Wi-Fi Connection
1.13.11.1
Preparing your Wi-Fi connection
The Cadmus device supports the following connection methods.
•
Open
•
WEP
•
WPA or WPA2 Personal
•
WPA2 Enterprise
1.13.11.2
Using Personal Networks
Using Personal Networks you will only need the following:
•
SSID (name of your Wi-Fi network).
•
Your network KEY.
1.13.11.3
Using Enterprise Networks:
WPA2-Enterprise networks can be complex to set up, please consult you IT department before installation.
The Cadmus device supports multiple EAP (Extensible Authentication Protocol) methods when using WPA2 Enterprise networks. Below is a list of supported methods.
•
EAP-TLS
•
EAP-TTLS-TLS
•
EAP-TTLS-MSCHAPv2
•
EAP-TTLS-PSK
•
EAP-PEAP0-TLS
•
EAP-PEAP0-MSCHAPv2
•
EAP-PEAP0-PSK
•
EAP-PEAP1-TLS
•
EAP-PEAP1-MSCHAP-v2
•
EAP-PEAP1-PSK
Depending on the chosen method, you will require some of the following.
•
SSID
(name of your Wi-Fi network).
•
Username
(username may require domain name: e.g. “domain
\
user” or “user@domain”)
•
Password
•
Root Certificate
•
Client Certificate
•
Client Key
Generally, the following applies:
•
EAP-TLS requires a Username, Root Certificate, Client Certificate and Client Key.
•
EAP-PEAP0-MSCHAPv2 requires a Username, Password and Root Certificate.
The certificates are normally generated by the certificate authority and the user management via a Radius server. Configuration for the radius would be made
within the customer’s access point.
Root Certificate, Client Certificate and Client key should be in X-509 PEM format. PEM format refers to an ASCII (Base64) encoded cert
ificate, prefixed with “
----
-BEGIN CERTIFICATE-----
“and suffixed with “
-----END CERTIFICATE-----
“. The certificate transfer mechanism is unidirectional, to the device only. Certificates
cannot be off-loaded from the device or viewed once loaded.
The following ciphers are compatible.
•
RSA (MAX 2048 bit) (4096 bit coming soon)
•
SHA1
•
SHA256
•
SHA384
•
SHA512
•
MD5
•
POLY 1305
•
DHE
•
ECDSA
•
ECDHE
The Cadmus device will automatically send alarms 30 days before the certificates expire. Providing a Wi-Fi connection is possible.