Ubuntu · eduroam at CERN
<!DOCTYPE HTML> <html lang="" > <head> <meta charset="UTF-8"> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <title>Ubuntu 路 eduroam at CERN</title> <meta http-equiv="X-UA-Compatible" content="IE=edge" /> <meta name="description" content=""> <meta name="generator" content="GitBook 3.2.2"> <meta name="author" content="Quentin Barrand"> <link rel="stylesheet" href="../../gitbook/style.css"> <link rel="stylesheet" href="../../gitbook/gitbook-plugin-alerts/style.css"> <link rel="stylesheet" href="../../gitbook/gitbook-plugin-terminal/plugin.css"> <link rel="stylesheet" href="../../gitbook/gitbook-plugin-highlight/website.css"> <link rel="stylesheet" href="../../gitbook/gitbook-plugin-search/search.css"> <link rel="stylesheet" href="../../gitbook/gitbook-plugin-fontsettings/website.css"> <meta name="HandheldFriendly" content="true"/> <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no"> <meta name="apple-mobile-web-app-capable" content="yes"> <meta name="apple-mobile-web-app-status-bar-style" content="black"> <link rel="apple-touch-icon-precomposed" sizes="152x152" href="../../gitbook/images/apple-touch-icon-precomposed-152.png"> <link rel="shortcut icon" href="../../gitbook/images/favicon.ico" type="image/x-icon"> <link rel="next" href="wpa_supplicant.html" /> <link rel="prev" href="rhel.html" /> </head> <body> <div class="book"> <div class="book-summary"> <div id="book-search-input" role="search"> <input type="text" placeholder="Type to search" /> </div> <nav role="navigation"> <ul class="summary"> <li class="chapter " data-level="1.1" data-path="../../"> <a href="../../"> Introduction </a> </li> <li class="header">CERN users</li> <li class="chapter " data-level="2.1" data-path="../download_certificate.html"> <a href="../download_certificate.html"> Obtaining a certificate </a> </li> <li class="chapter " data-level="2.2" data-path="../generic.html"> <a href="../generic.html"> Configuring your device </a> <ul 
class="articles"> <li class="chapter " data-level="2.2.1" data-path="../windows.html"> <a href="../windows.html"> Windows </a> <ul class="articles"> <li class="chapter " data-level="2.2.1.1" data-path="../windows/7.html"> <a href="../windows/7.html"> Windows 7 </a> </li> <li class="chapter " data-level="2.2.1.2" data-path="../windows/8.html"> <a href="../windows/8.html"> Windows 8 </a> </li> <li class="chapter " data-level="2.2.1.3" data-path="../windows/10.html"> <a href="../windows/10.html"> Windows 10 </a> </li> <li class="chapter " data-level="2.2.1.4" data-path="../windows/11.html"> <a href="../windows/11.html"> Windows 11 </a> </li> </ul> </li> <li class="chapter " data-level="2.2.2" data-path="../apple.html"> <a href="../apple.html"> Apple </a> <ul class="articles"> <li class="chapter " data-level="2.2.2.1" data-path="../apple/macos.html"> <a href="../apple/macos.html"> macOS </a> </li> <li class="chapter " data-level="2.2.2.2" data-path="../apple/ipad.html"> <a href="../apple/ipad.html"> iPad </a> </li> <li class="chapter " data-level="2.2.2.3" data-path="../apple/iphone.html"> <a href="../apple/iphone.html"> iPhone </a> </li> </ul> </li> <li class="chapter " data-level="2.2.3" data-path="../android.html"> <a href="../android.html"> Android </a> <ul class="articles"> <li class="chapter " data-level="2.2.3.1" data-path="../android/android10.html"> <a href="../android/android10.html"> Android 10 </a> </li> <li class="chapter " data-level="2.2.3.2" data-path="../android/android11.html"> <a href="../android/android11.html"> Android 11 </a> </li> <li class="chapter " data-level="2.2.3.3" data-path="../android/android13.html"> <a href="../android/android13.html"> Android 13 </a> </li> <li class="chapter " data-level="2.2.3.4" data-path="../android/android14.html"> <a href="../android/android14.html"> Android 14 </a> </li> </ul> </li> <li class="chapter " data-level="2.2.4" data-path="../linux.html"> <a href="../linux.html"> Linux </a> <ul class="articles"> <li 
class="chapter " data-level="2.2.4.1" data-path="rhel.html"> <a href="rhel.html"> CentOS / Fedora </a> </li> <li class="chapter active" data-level="2.2.4.2" data-path="ubuntu.html"> <a href="ubuntu.html"> Ubuntu </a> </li> <li class="chapter " data-level="2.2.4.3" data-path="wpa_supplicant.html"> <a href="wpa_supplicant.html"> All distributions (not recommended) </a> </li> </ul> </li> </ul> </li> <li class="header">Visiting users</li> <li class="chapter " data-level="3.1" data-path="../../visiting_users/accepting_oc5.html"> <a href="../../visiting_users/accepting_oc5.html"> Accepting the OC5 rules </a> </li> <li class="divider"></li> <li> <a href="https://www.gitbook.com" target="blank" class="gitbook-link"> Published with GitBook </a> </li> </ul> </nav> </div> <div class="book-body"> <div class="body-inner"> <div class="book-header" role="navigation"> <!-- Title --> <h1> <i class="fa fa-circle-o-notch fa-spin"></i> <a href="../.." >Ubuntu</a> </h1> </div> <div class="page-wrapper" tabindex="-1" role="main"> <div class="page-inner"> <div id="book-search-results"> <div class="search-noresults"> <section class="normal markdown-section"> <h1 id="ubuntu">Ubuntu</h1> <p><strong>This tutorial has been tested with the following versions:</strong></p> <ul> <li><p>15.04</p> </li> <li><p>16.04</p> </li> <li><p>22.04</p> </li> </ul> <p><strong>The screenshots were taken using version:</strong> 15.04 and 22.04.</p> <hr> <blockquote> <p><strong>[warning] Your mileage may vary</strong></p> <p>NetworkManager has a history of regressions that made the EAP-TLS authentication feature not usable. 
The tutorial on this page may or may not work depending on the version of NetworkManager that is currently shipped with Ubuntu.</p> </blockquote> <h2 id="extracting-your-certificate-and-private-key-from-the-pkcs12-bundle">Extracting your certificate and private key from the PKCS#12 bundle</h2> <p>Extract the private key from the <code>eduroam.p12</code> bundle that you downloaded from the CERN CA website:</p> <pre><code>**[terminal] **[prompt [user@host ]**[path ~]**[prompt ]]**[delimiter $ ]**[command openssl pkcs12 -nocerts -in eduroam.p12 -out userkey.pem] Enter import password: MAC verified OK Enter PEM pass phrase: Verifying - Enter PEM pass phrase: **[prompt [user@host ]**[path ~]**[prompt ]]**[delimiter $ ] </code></pre><p>REMARK: on newer Linux versions such as Ubuntu 22.04 or Fedora 36, the <code>--legacy</code> option is needed to extract the private key. These releases ship OpenSSL 3.x, which by default no longer enables the older algorithms that the bundle is presumably protected with:</p> <pre><code>**[terminal] **[prompt [user@host ]**[path ~]**[prompt ]]**[delimiter $ ]**[command openssl pkcs12 -nocerts -in eduroam.p12 -out userkey.pem --legacy] Enter import password: MAC verified OK Enter PEM pass phrase: Verifying - Enter PEM pass phrase: **[prompt [user@host ]**[path ~]**[prompt ]]**[delimiter $ ] </code></pre><p>The <code>import password</code> is the password that you noted down when generating the certificate on the CA website. The <code>PEM pass phrase</code> can be any password of your choice; it encrypts the extracted private key in <code>userkey.pem</code>, so choose a strong one. 
You need to enter it twice.</p> <p>Now, extract the certificate:</p> <pre><code>**[terminal] **[prompt [user@host ]**[path ~]**[prompt ]]**[delimiter $ ]**[command openssl pkcs12 -clcerts -nokeys -in eduroam.p12 -out usercert.pem] Enter import password: MAC verified OK **[prompt [user@host ]**[path ~]**[prompt ]]**[delimiter $ ] </code></pre><p>REMARK: on newer Linux versions such as Ubuntu 22.04 or Fedora 36, the <code>--legacy</code> option is also needed to extract the certificate:</p> <pre><code>**[terminal] **[prompt [user@host ]**[path ~]**[prompt ]]**[delimiter $ ]**[command openssl pkcs12 -clcerts -nokeys -in eduroam.p12 -out usercert.pem --legacy] Enter import password: MAC verified OK **[prompt [user@host ]**[path ~]**[prompt ]]**[delimiter $ ] </code></pre><p>Also rename the CA certificate to a filename without spaces:</p> <pre><code>**[terminal] **[prompt [user@host ]**[path ~]**[prompt ]]**[delimiter $ ]**[command mv 'CERN Root Certification Authority 2.crt' cern_ca_2.crt] **[prompt [user@host ]**[path ~]**[prompt ]]**[delimiter $ ] </code></pre><h1 id="setting-up-the-connection">Setting up the connection</h1> <p>Try connecting to the eduroam network using the top-right menu. 
NetworkManager will open a pop-up and ask you for the following information:</p> <ul> <li>Wi-Fi security: <em>WPA &amp; WPA2 Enterprise</em></li> <li>Authentication: <em>TLS</em></li> <li>Identity: <code>anonymous@cern.ch</code></li> <li>Domain: <code>cern.ch</code></li> <li>User certificate: browse to the <code>usercert.pem</code> file and select it</li> <li>CA certificate: browse to the <code>cern_ca_2.crt</code> file (the CA certificate renamed above) and select it; this, together with the Domain setting, is what lets your device verify that it is talking to the genuine authentication server</li> <li>Private key: browse to the <code>userkey.pem</code> file and select it</li> <li>Private key password: the <code>PEM pass phrase</code> that you chose at the OpenSSL step</li> </ul> <p>After you click on the <em>Connect</em> button, you should be successfully connected to eduroam.</p> <p><img src="images/Ubuntu-22.png" alt="NetworkManager Configuration"></p> <hr> <blockquote> <p><strong>[info] In case you don't find your private key...</strong></p> <p>Some NetworkManager versions suffer from a bug that prevents them from selecting the <code>userkey.pem</code> file. In this case, you can drag and drop the file from a file explorer window to the button in the NetworkManager window, as the screenshot below suggests.</p> </blockquote> <p><img src="images/ubuntu_2.png" alt="Drag and drop to the NetworkManager window"></p> <blockquote> <p><strong>[info]</strong> If the window below about insecure private keys pops up, just click <em>OK</em>, as your private key is in fact encrypted.</p> </blockquote> <p><img src="images/ubuntu_3.png" alt="Insecure private key"></p> </section> </div> <div class="search-results"> <div class="has-results"> <h1 class="search-results-title"><span class='search-results-count'></span> results matching "<span class='search-query'></span>"</h1> <ul class="search-results-list"></ul> </div> <div class="no-results"> <h1 class="search-results-title">No results matching "<span class='search-query'></span>"</h1> </div> </div> </div> </div> </div> </div> <a href="rhel.html" class="navigation navigation-prev " aria-label="Previous page: CentOS 
/ Fedora"> <i class="fa fa-angle-left"></i> </a> <a href="wpa_supplicant.html" class="navigation navigation-next " aria-label="Next page: All distributions (not recommended)"> <i class="fa fa-angle-right"></i> </a> </div> <script> var gitbook = gitbook || []; gitbook.push(function() { gitbook.page.hasChanged({"page":{"tested_with":[15.04,16.04,22.04],"screenshots_version":"15.04 and 22.04","distribution":"Ubuntu","image":"Ubuntu-22.png","title":"Ubuntu","level":"2.2.4.2","depth":3,"next":{"title":"All distributions (not recommended)","level":"2.2.4.3","depth":3,"path":"cern_users/linux/wpa_supplicant.md","ref":"cern_users/linux/wpa_supplicant.md","articles":[]},"previous":{"title":"CentOS / Fedora","level":"2.2.4.1","depth":3,"path":"cern_users/linux/rhel.md","ref":"cern_users/linux/rhel.md","articles":[]},"dir":"ltr"},"config":{"plugins":["alerts","terminal"],"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"pluginsConfig":{"alerts":{},"terminal":{"copyButtons":true,"fade":true,"style":"flat"},"highlight":{},"search":{},"lunr":{"maxIndexSize":1000000,"ignoreSpecialCharacters":false},"sharing":{"facebook":true,"twitter":true,"google":false,"weibo":false,"instapaper":false,"vk":false,"all":["facebook","google","twitter","weibo","instapaper"]},"fontsettings":{"theme":"white","family":"sans","size":2},"theme-default":{"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"showLevel":false}},"theme":"default","author":"Quentin 
Barrand","pdf":{"pageNumbers":true,"fontSize":12,"fontFamily":"Arial","paperSize":"a4","chapterMark":"pagebreak","pageBreaksBefore":"/","margin":{"right":62,"left":62,"top":56,"bottom":56}},"structure":{"langs":"LANGS.md","readme":"README.md","glossary":"GLOSSARY.md","summary":"SUMMARY.md"},"variables":{"cern_ca_website":"https://cern.ch/ca/","cern_ca_cert_filename":"CERN Root Certification Authority 2.crt"},"title":"eduroam at CERN","links":{"contribute":"https://gitlab.cern.ch/network/eduroam-docs","sharing":{"google":null,"facebook":null,"twitter":null}},"gitbook":"*"},"file":{"path":"cern_users/linux/ubuntu.md","mtime":"2024-07-10T09:14:17.281Z","type":"markdown"},"gitbook":{"version":"3.2.2","time":"2024-07-10T09:14:20.867Z"},"basePath":"../..","book":{"language":""}}); }); </script> </div> <script src="../../gitbook/gitbook.js"></script> <script src="../../gitbook/theme.js"></script> <script src="../../gitbook/gitbook-plugin-alerts/plugin.js"></script> <script src="../../gitbook/gitbook-plugin-terminal/plugin.js"></script> <script src="../../gitbook/gitbook-plugin-search/search-engine.js"></script> <script src="../../gitbook/gitbook-plugin-search/search.js"></script> <script src="../../gitbook/gitbook-plugin-lunr/lunr.min.js"></script> <script src="../../gitbook/gitbook-plugin-lunr/search-lunr.js"></script> <script src="../../gitbook/gitbook-plugin-sharing/buttons.js"></script> <script src="../../gitbook/gitbook-plugin-fontsettings/fontsettings.js"></script> </body> </html>