Configuring WiFi 802.1x in Humly Control Panel
This document will guide you through the configuration of the 802.1x for the WiFi on Humly Control Panel and Humly Room Display.
WiFi 802.1x is supported on Humly 1.36 onward.
We recommend that Humly Control Panel and Humly Room Display are on the same version and up to date.
Protocols: WPA2-Enterprise (EAP-TLS)
Key: RSA 2048 Bits
Hash: SHA256
WPA3 is not supported
Configuration Steps:
Connect the device to a staging network using an Ethernet connection.
1. Enable 802.1x from Global settings in Humly Control Panel and click Save
2. Go to Rooms and Room monitoring. Click on the room you want to configure to expand the room details
3. Select the Device info tab and then the Security sub-tab
4. Create a certificate request file by clicking on the Request CSR from device button, fill in the certificate request information in the CSR fly-in then click Request CSR
5. Download the CSR by clicking on the button Download CSR. It might take a few seconds, you should see the ready mark in green when the CSR is ready to download
Use the CSR to generate the certificate for the selected device using your CA server
The Root and Device certificate should be Base 64 encoded x509 certificates
6. Browse and select the files to upload them to Humly Control Panel
Ensure the file names are preserved as per the above picture
Root Certificate file name should be: root_cet.crt
Device Certificate file name should be: cert.crt
7. Set the network type to WiFi, and provide your Enterprise WiFi SSID name where the device will be installed, ensure the name is written exactly as it appears when scanning on other devices.
Fill in the account you want to use for the identity, this account is not related to the authentication, but for the RADIUS loggining if that is enabled.
8. Click Send the certificate to device button to upload the files to the Humly Room Display
9. When you see the message below, you can power off the device, and move it to the installation place, boot the device again, and it will automatically connect to the configured network.
Note: the device certificate can be renewed without the need to move the device to the staging network as long as the device has a connection to Humly Control Panel.
This can be done by deleting the old cert from HCP as per the screenshot below and repeating steps 5 to 9 then rebooting the Humly Room Display device.
Note: When configuring 802.1X, the root_cert
must be the CA that issued the RADIUS server’s certificate (e.g., Cisco ISE), not the one that issued the client certificate. In some environments these are the same, but if they're different, trusting the wrong CA will cause authentication to fail.