2

My ISP force to use certificates through IEEE 802.1x Standard to log into their (NOT!-wireless) network.

There's a Client Certificate MyName.p12 and a Server Certificate hotzoneCA.der. I must give my MAC address too.

There's no NetworkManager for the wired that I know, but I want to log in with my Raspberry and I don't know how to import the certificates the right way.

edit: My ISP don't want to support Linux, I should google "xsupplicant" and "eap-tls" and try to get it running. But I'm not sure if the hint is useful.

user280557
  • 23
  • Can you precise your question, be more specific and maybe paste a link to your ISP? Is it http://hotzone.de? Are you talking about a VPN login? http://www.hotzone.de/en/faq – mcantsin May 11 '14 at 21:04
  • A Link to my ISP: http://hotzone.de/ I must use it, because I live in a student dormitory and this is the only ISP here.

    I don't know how to be more specific. In Windows I "install" the Certificates and then I log in over ethernet. When I use Linux I can only use Certificates, when I use a wireless connection.

     – user280557 May 12 '14 at 22:38
  • It's not a VPN, it's a kind of authentication. Look here, when I use wireless ethernet, I can put the certificates in like this: http://hotzone.de/uploads/Giqtv67H-rx_dzRy9WvRxQ/xuNSDbXWdc7LqEzCeBpG4A/D_WLAN_Linux.pdf . But in our dormitory we can just use ethernet and in Linux I can't put the certificates "on the system".

    PS: Sorry, can't edit the last one.

     – user280557 May 12 '14 at 22:48

1 Answers1

0

  1. In Ubuntu install wpa_supplicant:

    sudo apt-get install wpasupplicant

  2. Edit the wpa_supplicant configuration file (e.g. /etc/wpa_supplicant.conf), ant put the following:

    network={
   ssid="YOUR-SSID"
   scan_ssid=1
   key_mgmt=WPA-EAP
   pairwise=CCMP TKIP
   group=CCMP TKIP
   eap=TLS
   identity="XXXXX@yourdomain.com"
   ca_cert="/etc/certs/cacert.pem"
   client_cert="/etc/certs/cert.pem"
   private_key="/etc/certs/key.pem"
   private_key_passwd="YOUR-PASSWORD"
}

    "YOUR-PASSWORD" is the password provided by your administrator when your received your .p12 certificate. "YOUR-SSID" is the (B/E)SSID of the wireless access network

  3. Start wpa_supplicant

    wpa_supplicant -B -i IFACE -Dwext -c /etc/wpa_supplicant.conf

    Where IFACE is the name of your wireless interface.

  4. Check that you are associated

    iwconfig IFACE

    To get an IP address use

    dhclient IFACE
mcantsin
  • 1,254
  • 1
  • 12
  • 29
  • Like I said, before you " improved" my question: I can configure it in a wireless connection, but I have a wired (normal ethernet). So i can't use the certificates at (normal) ethernet.

    I don't know if the hint of my ISP was useful, sometimes when I'm talking to them I think they don't know what they do.

     – user280557 May 14 '14 at 17:06
  • I didn't change your question, just make the title more comprehensible. Feel free to specify your question, so that the returned answers are helpful to you. - How else can I know what you want to do ...? – mcantsin May 14 '14 at 20:58
  • I used your advice and know why it didn't worked... I used the "tunneled TLS", but when I looked at your help here I try the normal "TLS" and then it worked perfect. Thank you! – user280557 May 15 '14 at 22:17