Linux/Ubuntu - restricting use of CA cert to just wireless

We have a user who is trying to set eduroam up on his Ubuntu 20.04 PC, he has installed our CA cert (it's a local CA), but is there a way he can restrict the use of this certificate to certain purposes (so in this case just wireless connections)? I think you can do this with other OS's, and we recommend that users do this, but I don't know how to do this in Linux.

Thanks in advance,

Guy


Solution 1:

These are the steps and need to be done with the admin account.

  • Open the list of wireless networks
  • Click on the connection

Fill in ...

  • Wireless security: WPA & WPA2 Enterprise
  • Authentication : Tunnelled TLS
  • Anonymous identity: ->username
  • The CA certificte can be found in /etc/ssl/certs
  • Inner authentication: MSCHAPv2
  • Username: ->username
  • Password: ->password

Then ...

  • Click at CA certificate on none
  • Click left on File System and go to /etc/ssl/certs
  • Click on ca-certificates.crt
  • Click on Open

and connect.

but is there a way he can restrict the use of this certificate to certain purposes (so in this case wireless connections)?

As long as it is a user they can not add it themself to something else since it would require the admin password. An admin can always connect it to anything else but the cert will not be accepted for anything else so I don't see an issue here :)