When connecting to the eduroam wifi SSID on a Linux computer.
Connecting to the eduroam network is very similar to connecting to UVA's VPN on Linux. See VPN Setup for details there.
For this tutorial, our example compute ID will be "jjruv4".
To start, you'll need three different files to connect to the eduroam network: an usher/CA certificate file, a personal/user certificate file, and a private key file.
(Optional) Enter the MAC/hardware address of the wireless network card for your device. If you don't know your MAC address, you can find it by opening a terminal and using the "ip a" command, then finding the interface that corresponds to your wifi network card. It may begin with "wlp" in the ID. Then, the hexadecimal string following "link/ether" will be your MAC address.
Enter a passphrase for your private key.
This is not your netbadge login password, or any other UVA password. This is a unique passphrase used only for this certificate file.
Make sure to record this passphrase and put it somewhere safe! This passphrase is required to use your certificate, and no one can recover it after the fact, not even UVA IT.
.p12".
.p12 file.
openssl command as described in https://serverfault.com/a/413836. Assuming your file name is jjruv4.p12:
openssl pkcs12 -in jjruv4.p12 -clcerts -nokeys -out jjruv4_user_cert.crt
.p12 file (if you haven't already).
openssl pkcs12 -in jjruv4.p12 -nocerts -out jjruv4.key
.p12 file from UVA. It will then ask for a PEM passphrase. This is a passphrase that you set now that will encrypt the contents of your .key file. This is the first time you are setting this passphrase, so it is not your import passphrase, your UVA netbadge login password, or any other password.
Make sure to record and store your PEM passphrase in a safe location! You cannot connect to the network without it. If you lose your PEM passphrase, there is no way to recover it, and you will have to extract the .key file again.
.key file without a PEM passphrase and, therefore, without any encryption, but this is very insecure! You can add the -nodes flag to the previous openssl command:
openssl pkcs12 -in jjruv4.p12 -nocerts -nodes -out jjruv4.key
Set your configuration as follows. Please note that the exact option names may be different on your OS. If a configuration option is not listed here, then it should (most likely) be on its default setting:
Security | WPA/WPA2 Enterprise |
Authentication | TLS |
Identity | <Your compute ID email address in all lower-case letters. Example: "jjruv4@virginia.edu"> |
User Certificate | <The full path to your .crt file. Use the file selection menu if possible. Otherwise, you may need to prefix the file path with the "file://" URI. Example: "file:///home/jjruv4/.certs/jjruv4.crt"> |
CA Certificate | <The full file path to your usher certificate (usher.cer). Use the file selection menu if possible. Otherwise, you may need to prefix the file path with the "file://" URI. Example: "file:///home/jjruv4/.certs/usher.cer"> |
Private Key | <The full file path to your private key (.key) file. Use the file selection menu if possible. Otherwise, you may need to prefix the file path with the "file://" URI. Example: "file:///home/jjruv4/.certs/jjruv4.key"> |
Private Key Password | <The password given when you created and downloaded the .p12 file from UVA in Step 2. This is not your UVA netbadge password, nor is it your PEM passphrase.> |
Make sure to uncheck the "All users may connect to this network" option in the "General" tab. This may also be named as "Available to all users", or similar.
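An added example, not part of the original how-to: a shell pre-flight check for the three files named in the table above. It flags a private key that was extracted with -nodes or that other local users can read, and cert_matches_key can confirm that the user certificate and private key belong together. The function names are hypothetical, and the paths are whatever you pass in.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# True if the PEM key is passphrase-encrypted (not extracted with -nodes).
# Matches the PKCS#8 header and the legacy "Proc-Type" PEM encryption line.
key_is_encrypted() {
    grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
            -e '^Proc-Type: 4,ENCRYPTED' "$1"
}

# True if the file grants nothing to group or others (e.g. mode 600).
perms_are_private() {
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# True if certificate $1 and private key $2 hold the same public key.
# openssl prompts for the PEM passphrase when the key is encrypted.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Args: user_cert ca_cert private_key. Prints one line per finding and
# returns non-zero if anything needs fixing.
check_eduroam_files() {
    rc=0
    for f in "$1" "$2" "$3"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1
    key_is_encrypted "$3" ||
        { echo "private key has no passphrase: $3"; rc=1; }
    perms_are_private "$3" ||
        { echo "private key readable by other users, chmod 600: $3"; rc=1; }
    return "$rc"
}

# Run the file checks when called with the three paths.
if [ "$#" -eq 3 ]; then
    check_eduroam_files "$@"
fi
```

Run it with the user certificate, the usher certificate and the private key as arguments, in that order; no output and exit status 0 means the file checks passed.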
Connect to the network
You should now be able to click on the eduroam network and connect!
If you set a PEM passphrase, the network manager software will need this to decrypt and use your private key file, so enter the passphrase when
Information for this how-to was taken from the UVA Physics site:
http://galileo.phys.virginia.edu/compfac/faq/linux-eduroam.html
Some of their steps did not work for my setup, and were edited accordingly in this write-up. Their configuration may work for you if you are having trouble with this one.