Mon Feb 14 13:53:07 +07 2022

Managing eduroam profile on enterprise-wifi.net

enterprise-wifi.net is a very powerful tool for creating automatic configurations for eduroam. Once the eduroam profile has been created, auto-configuration scripts can be downloaded for Windows, macOS and Linux (so far, no script is available for Android).

Safely configuring an eduroam profile by hand can be tricky, as it requires very specific steps to be executed in a given order; enterprise-wifi.net is a great time and headache saver.

But it comes with some caveats.

Managing the administrators

Only Google accounts can create and manage profiles on enterprise-wifi.net. Furthermore, I could not find a way to assign the master administrator role to someone else: the user who first created the profile is the only one that can add administrators. When that user becomes invalid in Google, a totally new profile must be created from scratch.

The profile used for AIT/CSIM has been created by nicoleo@ait.asia

Managing the certificates

For PEAP-MSCHAPv2, the profile must include a root certificate authority, even when you use a properly certified certificate and the infrastructure is able to provide all the CAs, root and intermediates.

As a consequence, if the CA included in the profile expires, the profile needs to be generated anew and every device must install the new profile.

As of February 2022, we are using the following:

The profile will have to be updated by September 2024.

The intermediate CAs are provided by Let's Encrypt when signing or renewing a certificate; they are in the file ca.cert. The root CA, I found it on Let's Encrypt's web page about the chain of trust.
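
Because an expired CA forces a new profile on every device, it helps to watch the expiry dates ahead of time. The following is an added example, not part of the original post: a shell function that splits a PEM bundle such as ca.cert into its certificates and uses `openssl x509 -checkend` to flag any that expire within a given number of days. The function name `ca_expiry_check` and the 180-day default are assumptions.

```shell
#!/bin/sh
# Added example: list the certificates of a PEM bundle and flag those that
# expire within DAYS days (default 180, an assumed planning margin).
# Usage: ca_expiry_check BUNDLE [DAYS]
# Returns 0 if nothing expires soon, 1 if at least one certificate is
# flagged, 2 if the bundle is unreadable or contains no certificate.
ca_expiry_check() {
    bundle=$1
    days=${2:-180}
    [ -r "$bundle" ] || { echo "cannot read $bundle" >&2; return 2; }
    tmpdir=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate (cert.1, cert.2, ...).
    awk -v dir="$tmpdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert." n }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$bundle"
    status=0
    for cert in "$tmpdir"/cert.*; do
        # An unmatched glob stays literal, so this catches an empty bundle.
        [ -f "$cert" ] || { echo "no certificate in $bundle" >&2; status=2; break; }
        subject=$(openssl x509 -in "$cert" -noout -subject)
        enddate=$(openssl x509 -in "$cert" -noout -enddate)
        # -checkend exits non-zero when the certificate expires within
        # the given number of seconds.
        if openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null; then
            echo "ok: $subject ($enddate)"
        else
            echo "RENEW SOON: $subject ($enddate)"
            status=1
        fi
    done
    rm -rf "$tmpdir"
    return $status
}
```

Run it against the root CA file embedded in the profile as well as against ca.cert, since the profile has to be regenerated when the CA it includes expires.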


Posted by Olivier | Permanent link | File under: administration, wireless