Tried to edit my post and it timed out
In WMS
Under Privacy and Security>SCEP:
Common Name: Use $TN or $SN, don’t add .crt or .cer or .pfx
Under Network Configuration>Ethernet Settings>802.1x Authentication Settings
- Enable EAP Authentication: ON
- Validate Server: OFF
- Check Server: OFF
- Server Name: blank (empty)
- EAP Type: EAP-TLS (or whatever you use)
- Client Certificate Filename: scep_cert_$SN.crt
- Client Certificate Type: Machine
This is what works in my environment. What I’ve found is leaving the Common Name as $SN or $TN don’t designate a certificate type (pfx, crt, cer). My certificates import at SN.pfx or TN.pfx, but when I tell it to authenticate using the Client Certificate Filename it needs to be in the format of scep_cert_$SN.crt (or $TN) regardless that the imported cert is showing as SN.pfx (or $TN) in my list. I think this is a legacy bug from earlier version of ThinOS 9 when the certificate actually got imported with the common name scep_cert_$SN.crt
Try that and see if it works for you.