For applications based on SSL/TLS (e. g. EAP/802.1x, HTTPS or RADSEC), the SSL (server) certificate together with the private key and intermediate level CA certificate(s) are loaded into the device as a PKCS#12 container.
The remote devices establishing a connection only have to send their own device certificates to the LANCOM. The certificate chain is checked for validity in the LANCOM.