As of Link-OS v3.0, Zebra’s Link-OS printers support downloading PEM and DER formatted WLAN certificates for the TLS, TTLS, and PEAP security types. Additionally, P12 formatted certificates are now supported for downloading private keys, which may include the client certificates as well.


Selected WLAN security types require certificate files be loaded on the printer so that it can be authenticated to the network. Here is the list of certificate file types and associated file names that must be stored on the printer when using different WLAN security types:


Prior to Link-OS v3.0, printers required that the WLAN certificate files be stored on the printer in the PEM format. Users who created WLAN certificate files in the DER (.der) or P12 (.pfx) formats then had to convert them into the PEM format using the open source Openssl.exe utility. Details on this process are here.

New In Link-OS v3

Link-OS v3.0 introduces these changes:

  • P12 formatted certificates (.pfx) are now supported for the purpose of placing private keys and client certificates on the printer, within the PRIVKEY.NRD file. P12 files can be used with the EAP-TLS, WPA-EAP-TLS and WPA2-EAP-TLS security types.


     NOTE. When using TLS, you will need to use the SGD "wlan.private_key_password" command if the private key is encrypted. The command works in the following way:

! U1 setvar "wlan.private_key_password" "value"

Where "value" is an alphanumeric string, up to 32 characters in length. The command must be followed by a carriage return or a space character.


  • PRIVKEY.NRD: If P12 encoding is used it must contain the private key, and may optionally also contain the client certificate. This allows the client certificate to be P12 formatted, so long as it is in the same file as the private key. When this is the case, no CERTCLN.NRD should be loaded on the printer.

     NOTE. If using TLS, the printer will check for the presence of a CERTCLN.NRD file. If it is not present, the printer will assume the client cert is in the PRIVKEY.NRD file.

WLAN certificate files in the DER (.der) format can be directly downloaded to the printer, so long as the naming scheme noted in the Introduction above is used.

For TLS, the files do not all need to be in the same format. Example: PRIVKEY.NRD can be in P12 format, CERTCLN.NRD can be in DER format, and CACERTSV.NRD can be in PEM format.
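The file rules and the password command above can be checked before anything is sent to the printer. The following is an added example, not Zebra's code: the function names and sample bytes are constructed here, the format detection is a header heuristic, and treating a non-P12 PRIVKEY.NRD without a CERTCLN.NRD as a problem is this example's reading of the note above.

```python
import re

# Constructed sample inputs: only the leading bytes of each encoding, not real credentials.
SAMPLE_P12 = bytes.fromhex("308209a2020103308209680609")   # PFX: SEQUENCE { INTEGER 3, ...
SAMPLE_DER = bytes.fromhex("3082034d30820235a003020102")   # X.509: SEQUENCE { SEQUENCE { ...
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\n(constructed placeholder)\n-----END CERTIFICATE-----\n"

def detect_encoding(data: bytes) -> str:
    """Classify file bytes as 'PEM', 'P12', 'DER' or 'unknown' (header heuristic only)."""
    if data.lstrip().startswith(b"-----BEGIN "):
        return "PEM"
    if len(data) < 5 or data[0] != 0x30:       # DER and P12 both open with an ASN.1 SEQUENCE
        return "unknown"
    # Skip the outer length: short form is 1 byte, long form is 1 + (low 7 bits) bytes.
    body = 2 if data[1] < 0x80 else 2 + (data[1] & 0x7F)
    # A PKCS#12 PFX starts with its version, INTEGER 3; certificates and keys do not.
    return "P12" if data[body:body + 3] == b"\x02\x01\x03" else "DER"

def check_tls_files(files: dict) -> list:
    """Return problems found in a planned EAP-TLS file set given as {printer_name: bytes}."""
    kinds = {name: detect_encoding(blob) for name, blob in files.items()}
    problems = [f"{n}: not PEM, DER or P12" for n, k in kinds.items() if k == "unknown"]
    if "PRIVKEY.NRD" not in files:
        problems.append("PRIVKEY.NRD: missing")
    elif "CERTCLN.NRD" not in files and kinds["PRIVKEY.NRD"] != "P12":
        # Assumption of this example: only a P12 PRIVKEY.NRD can carry the client certificate.
        problems.append("CERTCLN.NRD: missing and PRIVKEY.NRD is not P12")
    return problems

def key_password_command(password: str) -> bytes:
    """Build the SGD command for an encrypted private key, enforcing the documented limits."""
    # Alphanumeric-only also keeps quotes and line breaks out of the quoted value.
    if not re.fullmatch(r"[A-Za-z0-9]{1,32}", password):
        raise ValueError("password must be 1-32 alphanumeric characters")
    return f'! U1 setvar "wlan.private_key_password" "{password}"\r'.encode("ascii")

if __name__ == "__main__":
    plan = {"PRIVKEY.NRD": SAMPLE_P12, "CERTCLN.NRD": SAMPLE_DER, "CACERTSV.NRD": SAMPLE_PEM}
    for name, blob in plan.items():
        print(name, detect_encoding(blob))
    print(check_tls_files(plan) or "file set is consistent")
```

The header check cannot tell whether a P12 file actually contains the client certificate, so a P12 PRIVKEY.NRD loaded alone still needs its contents confirmed with a PKCS#12-aware tool.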

Use Cases

  • Printer administrator receives a P12 formatted file, which includes the private key and client certificate. This file can be loaded onto the printer as PRIVKEY.NRD and used as is.
  • Printer administrator receives certificate files encoded in the DER format. These files can be loaded onto the printer with the specified name(s) and used without format conversion.

Click to read the full Application Note on Direct WLAN Certificate Downloading