Self-Help Knowledge
Base Articles


LinkRunner AT: Certificates - Requirements and Troubleshooting

Views: 0

LinkRunner AT (LRAT) can be used in secure environments that require 802.1x authentication.

LRAT Manager can be used to import 802.1x certificates to the LRAT Tester to allow connectivity on secure networks. When importing a certificate to the tester the certificate must be formed with the following requirements:

  • The certificate must contain the private key.
  • It must not be a self-signed certificate.
  • The private key must be marked as “exportable” if exported from the Windows certificate store.
  • The key length must not be greater than 2048 bits.
  • The certificate chain may contain at a maximum 1 user certificate plus up to 5 chained CA certificates.
  • The certificate or key must be one of the following discrete sizes: 512, 768, 1024, 1280, 1536, 1792, or 2048 bits.


Sometimes the private key is provided in a separate file. LRAT Manager Software does not have a mechanism to combine the private key with the client certificate. You may be able to simply concatenate the text of the private key onto the client certificate in a text editor. If such a concatenation is done, be sure to insert the private key last in the client certificate file. 

If you comply with the requirements above and are still experiencing issues please review the list of potential issues below:

  • Certificates that have an empty "x509v3 Key Usage" field in the "x509v3 Extensions" section of the certificate. It should have entries like "Digital Signature" or "Key Encipherment" as the Key Usage field.
  • LRAT supports .PFX, .P12, .PEM, .CRT, .CER, and .PEM certificate file types. If the certificate is encoded in a .PEM (ASCII base64) format, make sure the private key is located after the client cert within the file.
  • LRAT will use “expired” certificates without checking the date.


To Copy the Certificate:

1. Connect your LinkRunner AT to the PC using the supplied USB cable.

2. Launch the LinkRunner AT Manager software.  You can download here:

3. Within the LinkRunner AT Manager software, click Tools -> General Configuration

Note:  Only one certificate can reside on the tester at a time, which is why it is not part of the Profile Manager. Each profile can have 802.1X enabled or disabled in the Profile Manager.

4. Under Security, select the correct EAP type for your environment.

5. Click the "Select" button and then Search.

6. It will default to search for .PFX files, if you need a different file type please select that from the drop down box.

7. Once you've found the file, click open and select through and Apply until you receive the dialog to restart the LinkRunner AT.

8. Restart the unit.