Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
en:verejne:sit:wi-fi:linux [02.05.2021 22:18] – [iwd] fixed config Pavel Valachen:verejne:sit:wi-fi:linux [30.09.2023 11:39] (current) – changed the CA certificate to USERTrust Pavel Valach
Line 21: Line 21:
        * **Anonymous identity**: ''anonymous@sin.cvut.cz''        * **Anonymous identity**: ''anonymous@sin.cvut.cz''
        * **Domain**: ''radius.sin.cvut.cz''        * **Domain**: ''radius.sin.cvut.cz''
-       * **CA certificate**: [[en:verejne:sit:cert|download and save it]] (download format PEM)+       * **CA certificate**: either browse to ''/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem'', or [[en:verejne:sit:cert|download and save it]] (download format PEM)
        * **Inner authentication**: PAP        * **Inner authentication**: PAP
        * **Username**: use your SIN username or SIN email (find it after logging in to [[https://sinis.sin.cvut.cz|SINIS]])        * **Username**: use your SIN username or SIN email (find it after logging in to [[https://sinis.sin.cvut.cz|SINIS]])
        * **Password**: the same as for your SINIS login. \\ {{:en:verejne:sit:wi-fi:ubuntu-nm-profile-sec.png?nolink|}}        * **Password**: the same as for your SINIS login. \\ {{:en:verejne:sit:wi-fi:ubuntu-nm-profile-sec.png?nolink|}}
      * Confirm your settings by pushing the **Save** button.      * Confirm your settings by pushing the **Save** button.
 +
 +<note important>The picture has the certificate wrong! It's for illustration purposes only.</note>
  
 Now, your connection should be all set for secure Wi-Fi browsing. Now, your connection should be all set for secure Wi-Fi browsing.
Line 35: Line 37:
 In case you want to set up a wpa_supplicant profile manually, we have prepared a Sincoolka network definition below.  In case you want to set up a wpa_supplicant profile manually, we have prepared a Sincoolka network definition below. 
  
-Please [[en:verejne:sit:cert|download the proper **CA certificate** first]] and save it. You will enter the path to this file in the wpa_supplicant configuration profile.+To properly verify that you are using our server, the CA certificate is necessary. It should be already on your system at path ''/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem'', so this configuration will use that. If you don't have it there, you may [[en:verejne:sit:cert|download it from us]] and save it. You will then enter the path to this file in the wpa_supplicant configuration profile.
  
 <file wpa_supplicant wpa_supplicant.conf> <file wpa_supplicant wpa_supplicant.conf>
Line 44: Line 46:
     eap=TTLS     eap=TTLS
     # path to the downloaded CA certificate     # path to the downloaded CA certificate
-    ca_cert="/etc/cert/sin-wifi-ca.pem"+    ca_cert="/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem"
     domain_match="radius.sin.cvut.cz"     domain_match="radius.sin.cvut.cz"
     phase2="auth=PAP"     phase2="auth=PAP"
Line 67: Line 69:
 (depending on which network you'd like to connect) under ''/var/lib/iwd'' directory. The suggested contents can be found below. (depending on which network you'd like to connect) under ''/var/lib/iwd'' directory. The suggested contents can be found below.
  
-Please [[en:verejne:sit:cert|download the proper CA certificate first]] and save it. You will enter the path to this file in the iwd configuration profile.+To properly verify that you are using our server, the CA certificate is necessary. It should be already on your system at path ''/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem'', so this configuration will use that. If you don't have it there, you may [[en:verejne:sit:cert|download it from us]] and save it. You will then enter the path to this file in the wpa_supplicant configuration profile.
  
-<file iwd Sincoolka 5G.8021x>+<file iwd Sincoolka.8021x>
 [Security] [Security]
 EAP-Method=TTLS EAP-Method=TTLS
 EAP-Identity=anonymous@sin.cvut.cz EAP-Identity=anonymous@sin.cvut.cz
 EAP-TTLS-ServerDomainMask=radius.sin.cvut.cz EAP-TTLS-ServerDomainMask=radius.sin.cvut.cz
-EAP-TTLS-CACert=/etc/cert/downloaded-ca-certificate.pem+EAP-TTLS-CACert=/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem
 EAP-TTLS-Phase2-Method=Tunneled-PAP EAP-TTLS-Phase2-Method=Tunneled-PAP
 EAP-TTLS-Phase2-Identity=your.username@sin.cvut.cz EAP-TTLS-Phase2-Identity=your.username@sin.cvut.cz
  • en/verejne/sit/wi-fi/linux.1619993928.txt.gz
  • Last modified: 02.05.2021 22:18
  • by Pavel Valach