Differences

This shows you the differences between two versions of the page.

--- en:verejne:sit:wi-fi:linux [30.09.2024 20:02] – suggest enabling ipv6 with iwd Karel Kopecký
+++ en:verejne:sit:wi-fi:linux [18.02.2026 19:31] (current) – updated CA to HARICA Pavel Valach
@@ Line 21: / Line 21: @@
        * **Anonymous identity**: ''anonymous@sin.cvut.cz''
        * **Domain**: ''radius.sin.cvut.cz''
-       * **CA certificate**: either browse to ''/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem'', or [[en:verejne:sit:cert|download and save it]] (download format PEM)
+       * **CA certificate**: either browse to ''/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem'', or [[en:verejne:sit:cert|download and save it]] (download format PEM)
        * **Inner authentication**: PAP
        * **Username**: use your SIN username or SIN email (find it after logging in to [[https://sinis.sin.cvut.cz|SINIS]])
@@ Line 37: / Line 37: @@
 In case you want to set up a wpa_supplicant profile manually, we have prepared a Sincoolka network definition below.
-To properly verify that you are using our server, the CA certificate is necessary. It should be already on your system at path ''/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem'', so this configuration will use that. If you don't have it there, you may [[en:verejne:sit:cert|download it from us]] and save it. You will then enter the path to this file in the wpa_supplicant configuration profile.
+To properly verify that you are using our server, the CA certificate is necessary. It should be already on your system at path ''/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem'', so this configuration will use that. If you don't have it there, you may [[en:verejne:sit:cert|download it from us]] and save it. You will then enter the path to this file in the wpa_supplicant configuration profile.
 <file wpa_supplicant wpa_supplicant.conf>
@@ Line 46: / Line 46: @@
     eap=TTLS
     # path to the downloaded CA certificate
-    ca_cert="/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem"
+    ca_cert="/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem"
     domain_match="radius.sin.cvut.cz"
     phase2="auth=PAP"
@@ Line 69: / Line 69: @@
 (depending on which network you'd like to connect) under ''/var/lib/iwd'' directory. The suggested contents can be found below.
-To properly verify that you are using our server, the CA certificate is necessary. It should be already on your system at path ''/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem'', so this configuration will use that. If you don't have it there, you may [[en:verejne:sit:cert|download it from us]] and save it. You will then enter the path to this file in the wpa_supplicant configuration profile.
+To properly verify that you are using our server, the CA certificate is necessary. It should be already on your system at path ''/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem'', so this configuration will use that. If you don't have it there, you may [[en:verejne:sit:cert|download it from us]] and save it. You will then enter the path to this file in the wpa_supplicant configuration profile.
 <file iwd Sincoolka.8021x>
@@ Line 79: / Line 79: @@
 EAP-Identity=anonymous@sin.cvut.cz
 EAP-TTLS-ServerDomainMask=radius.sin.cvut.cz
-EAP-TTLS-CACert=/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem
+EAP-TTLS-CACert=/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
 EAP-TTLS-Phase2-Method=Tunneled-PAP
 EAP-TTLS-Phase2-Identity=your.username@sin.cvut.cz