I need help connecting to my school network using a CA Certificate
My school requires a CA certificate to connect to the network (supplied by CyberHound Software), however when I download the .crt
file and open it to show the option to import, I am unable to do. The screenshot below shows a greyed-out box for the "import":
I've tried various ways of connecting to the network such as changing the default authentication options. I have also looked throughout these forums and tried various suggestions by the community such as:
sudo mkdir /usr/local/share/ca-certificates/extra
sudo cp root.cert.pem /usr/local/share/ca-certificates/extra/root.cert.crt
sudo update-ca-certificates
I'm really struggling to connect to my school's WiFi, which I need as the school's cracking down on the usage of hotspots. The school's "IT Helpdesk" is unable to assist as they are not familiar with Linux systems.
You may need to set the CA certificate to be part of the WiFi connection properties. Generally you can do it like this:
Note: This answer is making the assumption that you are using Ubuntu Desktop 20.04 LTS. If you are not using this version of Ubuntu, some of the screenshots may appear different from what you see. The basic steps remain the same, though.
-
Open the WiFi Settings option from the icon in the upper-right corner of the desktop:
-
Click the "Gear" icon next to the network that you would like to connect to:
-
When the network connection settings modal form opens, you'll want to click the "Security" tab and do the following:
Note: If you have any documentation from your school about how to connect to the network, have it handy. For the sake of this example, I will be using the settings that are commonly found at university campuses around central Japan, which may be quite different from where you are.
-
Next to "Security", choose "WPA & WPA2 Enterprise"
-
Next to "Authentication:", select "TLS"
-
Leave "Identity" blank
-
Click the button next to "CA Certificate", and choose certificate file that you downloaded.
Note: Be sure to keep that file on your computer in a location where it will not be accidentally deleted. Using
.ssh
in your home directory may be a logical choice. -
If you need to provide a private key, add that under "Private Key"
Now you should have enough to connect to the network. If you cannot connect, then there's a possibility that your school is using "PEAP" instead of TLS. Many of the steps above remain the same however:
- Next to "Authentication", choose "Protected EAP (PEAP)"
- Next to "PEAP Version", set "Automatic"
- Confirm "Inner Authentication" is set to the evil
MSCHAPv2
- Next to "User Name" enter your primary school email address or student ID
- Next to "Password", enter your password
-
Finally, if this works, be sure to write up a really good "How To", complete with screen shots and bullet points. Share that on the school boards. Share it with the IT people who may not know Linux. You would be surprised how many "hidden" opportunities are made available at universities to the people who openly share knowledge with clear, simple language.
Disclaimer: I work in education, so may be biased a little with this last suggestion.