Linux/Ubuntu - restricting use of CA cert to just wireless

wireless ssl certificates

We have a user who is trying to set eduroam up on his Ubuntu 20.04 PC, he has installed our CA cert (it's a local CA), but is there a way he can restrict the use of this certificate to certain purposes (so in this case just wireless connections)? I think you can do this with other OS's, and we recommend that users do this, but I don't know how to do this in Linux.

Thanks in advance,

Guy


Solution 1:

These are the steps and need to be done with the admin account.

  • Open the list of wireless networks
  • Click on the connection

Fill in ...

  • Wireless security: WPA & WPA2 Enterprise
  • Authentication : Tunnelled TLS
  • Anonymous identity: ->username
  • The CA certificte can be found in /etc/ssl/certs
  • Inner authentication: MSCHAPv2
  • Username: ->username
  • Password: ->password

Then ...

  • Click at CA certificate on none
  • Click left on File System and go to /etc/ssl/certs
  • Click on ca-certificates.crt
  • Click on Open

and connect.

but is there a way he can restrict the use of this certificate to certain purposes (so in this case wireless connections)?

As long as it is a user they can not add it themself to something else since it would require the admin password. An admin can always connect it to anything else but the cert will not be accepted for anything else so I don't see an issue here :)

Related

The TTY freezes after “Ctrl-A” hotkey and “s” pressing with GNU screen
Do the different characters in Temple Run affect gameplay?
Borderlands Lilith's talents Radiance and Phoenix explanation?
What are toasts? Can I eat those?
How do I play Portal 2 workshop maps?
How do you avoid Belial's slam attacks?
What is an HM Slave?
Do different foods restore a different amount of hunger?
What are the Jungle Respawn Times?
How do I play the Interceptor/UFO minigame?
When do my soldiers gain ranks?
What does this circular icon mean?