Arch Linux

sfabius

Member

Registered: 2007-07-07

Posts: 157

Certificates for new wifi on campus - making HOWTO

My University (University of Pittsburgh) is moving to a new authentication system for wireless, and while they are trying to help me get set up, I'm not sure if it is working.

I use netcfg and wpa_supplicant to connect. What's supposed to happen is described here. Basically, you connect to a special ESSID that runs a java script and installs certificates (at a minimum, it might do more). Earnest and apologetic helpdesk guy (really! it was refreshing...) said to just download the certificates and install manually. So I think that's what I did. Since they haven't switched the system over yet, I can't really test it. I want to check to make sure I'm doing things correctly. I also want to post the information in case others find themselves in the same situation.

I downloaded two certificates: InCommon.cer and UserTrust.cer

I converted these to *.pem format using the instructions here: http://www.gagravarr.org/writing/openss … ca-openssl.

Following the instructions further on that page, I placed them in /etc/ssl/certs, and symlinked the hash.

Now to use with wpa_supplicant. Here is the (public) configuration info given to me:

Network Name:  WIRELESS-PITTNET
Security Type:  WPA2-Enterprise
Encryption Type:  AES
Authentication Method:  Protected EAP (PEAP)

So here is my wpa_supplicant.conf entry:

network={
        disabled=0
        ssid="WIRELESS-PITTNET"
        key_mgmt=WPA-EAP
        eap=PEAP
        pairwise=CCMP    
        identity="username"
        password="passwrod"
        ca_cert="/etc/ssl/certs/InCommon.pem"
        ca_path="/etc/ssl/certs"
        client_cert="/etc/sll/certs/UserTrust.pem"
        priority=1
}

I have no idea if I have identified the ca_cert and client_cert correctly. I just guessed based on names.
So does this look right? What might I be doing wrong?