Uploading Certificates

You can upload and manage your CA root and client certificates for Tera2 PCoIP Zero Clients from the AWI's Certificate Upload page, shown below.

Alt text
AWI Certificate Upload Page

Certificates used in PCoIP firmware must be in PEM format with a maximum file size of 10,237 bytes, and maximum RSA key size of 4096 bits. You can upload up to 16 certificates providing you don't exceed the maximum storage size of 163,648 bytes. The available storage field lets you know how much space is left in the certificate store.

You can simplify the retrieval and installation of digital certificates by enabling devices to obtain certificates automatically from a Simple Certificate Enrollment Protocol (SCEP) server. With SCEP enabled, you can only upload a maximum of 14 additional certificates, since two slots are reserved for SCEP server certificates. To upload certificates automatically using SCEP, see Obtaining Certificates Automatically Using SCEP.

Authentication issues

If you have authentication issues after uploading a Connection Server client certificate, see PCoIP TROUBLESHOOTING STEPS: View Connection Server Client Certificates (KB 1363) for further information.

Include all security information in 802.1x client certificate

The PCoIP protocol reads just one 802.1x client certificate for 802.1x compliant networks. Make sure you include all the security information for your PCoIP devices in that client certificate. For more information about uploading certificates, see Certificate management for PCoIP Zero Clients and Remote Workstation Cards (KB 1561). For information on 802.1x certificate authentication, see Configuring 802.1x Network Device Authentication.

802.1x Authentication

Use the following when you use 802.1x authentication:

  • 802.1x authentication requires two certificates—an 802.1x client certificate and an 802.1x server CA root certificate.
  • The 802.1x client certificate must be in .pem format and contain a private key that uses RSA encryption. If the certificate is in a different format, you must first convert the certificate, including the private key, to .pem format before uploading it.
  • After uploading the 802.1x client certificate from the Certificate Upload page, you must configure 802.1x authentication from the Network page. This entails enabling 802.1x authentication, entering an identity string for the device, selecting the correct 802.1x client certificate from the drop-down list, and applying your settings.
  • The 802.1x server CA root certificate must be in .pem format, but should not need to contain a private key. If the certificate is in a different format, you must convert it to .pem format before uploading it. This certificate does not require configuration from the Network page.
  • Both the 802.1x client certificate and the 802.1x server CA root certificate must be less than 10,238 bytes; otherwise, you will not be able to upload them. Some certificate files may contain multiple certificates. If your certificate file is too large and it has multiple certificates within, you can open the file in a text editor, copy and save each certificate to its own file.

The following settings display on the AWI Certificate Upload page.

Certificate Upload Parameters

Parameter Description
Certificate filename Used to select a certificate to upload.
You can upload up to a maximum of 16 root and client certificates.
Uploaded Certificates This displays any uploaded certificates. To delete an uploaded certificate, click the Remove button. The deletion process occurs after the device is rebooted. To view the details of a certificate, click the Detail button. These certificates appear as options in the Client Certificate drop-down menu on the Network page.
Selected Peer-to-Peer Certificate This is a read-only field. It is linked to the Peer-to-Peer Certificate field on the Session page.
802.1X Client Certificate This is a read-only field. It is linked to the Client Certificate field on the Network page.

To upload a certificate to a client:

  1. From the AWI, select the Upload > Certificate.
  2. Browse to the folder containing the certificate file. This file will have a .pem extension.
  3. Double-click the correct .pem certificate file.
  4. Click Upload.
  5. Click OK to confirm that you want to proceed with the upload.
  6. Click Continue.

If the certificate uploads successfully, it will appear in the Uploaded Certificates list on this page.