This information pertains to LabQuest 2 and LabQuest 3.

The original LabQuest does not support this functionality.

To install a certificate you will need the certificate from your security server (refer to your IT department). It needs to be in Base64 encoding with a “.pem” extension (see below for details).

First, save the certificate file onto a micro-SD card (LabQuest 2 only) or USB flash drive.

Connect the USB flash drive or SD card to your LabQuest, then, do the following:

  1. Launch the Connections App
    LabQuest 2⚊Tap the Wi-Fi icon.
    LabQuest 3⚊Choose Connections from the Settings Screen.
  2. Tap the gear or network icon, , in the upper-right corner of the Connections App screen.
  3. Tap the gear or network icon, , in the upper-right corner of the Network Settings dialog.
  4. Tap the Certificates tab.
  5. Tap Add, browse to the USB/SD drive, and select the certificate file.

Once it is installed, select the “Do not use CA certificates” checkbox to clear it.

Certificate Types
There are two main types of certificate encoding, Binary and Base64. The software that generates them offers options. If it is Base64 encoded, you can rename the file to have a .pem extension. If you open the file in a text editor, a Base64 encoded file should start with a “—– BEGIN…” line (binary will not).

If you only have your certificate file and don’t know its origin or how to convert it, the best advice is to use the built in openssl command line on a Linux or Mac terminal: https://support.ssl.com/Knowledgebase/Article/View/19/0/der-vs-crt-vs-cer-vs-pem-certificates-and-how-to-convert-them
There are a variety of online tools that do the same thing, but we recommend against using these tools if you are inexperienced with certificates and unfamiliar with the file contents. The file may also contain other security information, such as your public key (we need the certificate to indicate if that is or is not your public key) and the private key. Note that both the public key and certificate can be posted on billboards and that doesn’t compromise your security, but if you accidentally let your private key loose, (e.g., uploading it to a random website found online), you may compromise your wireless network and everything else you are securing with this information. It is better to keep the file local. (Note: If you notice your file contains multiple “– BEGIN…” lines, your file contains multiple items, possibly including your private keys. You can use that file on a LabQuest and the LabQuest will grab the correct information from it, but you probably should reduce that file in the first place.)

For more technical detail about how certificates work in general, see: http://en.wikipedia.org/wiki/X.509

Less technical background:
More secure implementations of WPA2-Enterprise have the access points (or radius server) identify to the devices connecting to them. This prevents someone from setting up a rogue Access Point (AP) with the same network name that would prompt for their username and password, and (when someone attempts to connect to it) it disclose their username and password to the operator of that AP. LabQuest does not check the identity of APs by default because it doesn’t have a way to validate that identity out of the box. However, some APs require that devices validate their identity and will not allow devices to connect unless they validate. LabQuest can be configured to always validate if you install a certificate for the LabQuest to validate with an access point.

See also:
My USB drive is not recognized by LabQuest. What can I do?