How to set up MacOSX 10.6 for freeRADIUS TLS or WPA2 Enterprise access
Posted: January 6th, 2011 | Author: Godwin | Filed under: freeRADIUS, Mac | Tags: 10.6, certificate, Certificate Authority, freeradius, Mac, MacOS, MacOSX, request, sign, TLS, WPA2 Enterprise
Apple’s documentation for TLS access is rather thin on how to generate certificates etc. for freeRADIUS. Here are some quick instructions.
First, the guest machine must generate a certificate request.
- Go to Applications -> Utilities -> Keychain Access
- Under Keychain Access -> Certificate Assistant -> Request a Certificate from a Certificate Authority…
- Fill in the info, give them your CA Email Address (the one that is in your ca.cnf file)
- Either Save or Email (however if a guest is visiting your house and doesn’t have wifi nor cell access, it could be a problem!).
- Once you have transferred the request to your server, issue the command below (substitute guestname with whatever you like). In my guest.cnf, I have set the lifetime of the certificate to 1 day:
openssl ca -config guest.cnf -policy policy_anything -out guests/guestname.crt -extensions xpclient_ext -extfile xpextensions -infiles guestname.crt
- Return the ca.crt (if your guest is a frequent visitor or a close friend) and guestname.crt
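An added example, not part of the original post: a shell check to run on guestname.crt before handing it back, confirming that it chains to ca.crt, carries the TLS client-authentication usage and expires within the intended number of days. The function names, the throwaway demo CA and the assumption that xpclient_ext sets extendedKeyUsage to clientAuth (as in freeRADIUS's stock xpextensions file) are mine; the demo signs with openssl x509 -req instead of openssl ca so it runs without a CA database.

```shell
#!/bin/sh
# Added example (not from the original post): checks to run on a guest
# certificate after signing. Exit status: 0 ok, 1 bad chain, 2 missing
# client-auth EKU, 3 lifetime longer than max_days.
check_guest_cert() {    # usage: check_guest_cert <ca.crt> <guest.crt> <max_days>
    ca=$1; cert=$2; max_days=$3
    # 1. The certificate must chain to our CA.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 1
    # 2. Assumption: xpclient_ext sets extendedKeyUsage to clientAuth
    #    (1.3.6.1.5.5.7.3.2), which openssl prints under this long name.
    openssl x509 -in "$cert" -noout -text |
        grep -q 'TLS Web Client Authentication' || return 2
    # 3. -checkend exits 0 when the cert is still valid N seconds from now,
    #    so success here means the lifetime exceeds the allowed window.
    if openssl x509 -in "$cert" -noout -checkend $((max_days * 86400)) >/dev/null
    then return 3; fi
    return 0
}

# Constructed demo data: a throwaway CA and guest request in directory $1.
# "openssl x509 -req" stands in for the post's "openssl ca" call so that no
# CA database is needed; the extension file is a constructed stand-in for
# the xpextensions file named in the post.
issue_demo_cert() {     # usage: issue_demo_cert <dir> <days> <ext-section>
    d=$1
    printf '%s\n' '[xpclient_ext]' 'extendedKeyUsage = 1.3.6.1.5.5.7.3.2' \
        '[xpserver_ext]' 'extendedKeyUsage = 1.3.6.1.5.5.7.3.1' > "$d/xpextensions"
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
        'prompt = no' '[dn]' 'CN = Demo CA' '[v3_ca]' \
        'basicConstraints = critical,CA:TRUE' > "$d/demo.cnf"
    [ -f "$d/ca.crt" ] || openssl req -x509 -config "$d/demo.cnf" -newkey rsa:2048 \
        -nodes -days 30 -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -config "$d/demo.cnf" -newkey rsa:2048 -nodes -subj '/CN=guestname' \
        -keyout "$d/guest.key" -out "$d/guest.csr" 2>/dev/null
    openssl x509 -req -in "$d/guest.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days "$2" -extfile "$d/xpextensions" \
        -extensions "$3" -out "$d/guest.crt" 2>/dev/null
}

demo=$(mktemp -d)
issue_demo_cert "$demo" 1 xpclient_ext
check_guest_cert "$demo/ca.crt" "$demo/guest.crt" 1 && echo "guest certificate OK"
rm -rf "$demo"
```

On the real server, call check_guest_cert with your own ca.crt and guests/guestname.crt and the lifetime you set in guest.cnf.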
Setup 802.1X or WPA2 Enterprise access on the guest’s machine:
- Open Keychain Access (if you have closed it)
- Click the user’s keychain. If the padlock is closed, click on it.
- Drag the certificates generated above into the keychain
- Optionally: Click on the Trust tab and select Always Trust (Assuming you do no evil!)
- Quit Keychain Access
- Open Preferences -> Network
- Select Airport -> Advanced…
- Select 802.1X tab
- Create a new User Profile via the + icon on the lower left hand corner of the window.
- Give the profile any name you like
- Check the TLS box under Authentication
- Click on Configure Trust
- Select the Certificates tab
- On the lower left hand corner, click on the + and select Select Certificate From Keychain
- Click OK and the window will close
- Select the SSID from the Wireless Network: drop down list
- Select WPA2 Enterprise from the Security Type: drop down list
- Click OK and you will be back in the Network window
- The profile name should appear now next to 802.1X
- Click on Turn Airport On
- The 802.1X should automatically connect, if not click on the Connect button
- To disconnect, click on Disconnect or Turn Airport Off.
Additional Reading:
Apple’s Resources with pretty pictures.