Hi Greg -
Okay, my memory of the details is fuzzy, obviously. Only the PTSD lingers! I have confidence that the certificate transition will be smoother than whichever past traumatic event I'm recalling. And if people still have issues, we have KBs on what to do about it.
On 4/1/20, 10:25 AM, "Technology Discussion at UVM on behalf of Greg Kuchyt" <[log in to unmask] on behalf of [log in to unmask]> wrote:
Things worked seamlessly for me here this morning getting the new cert via the managed avenue Jonathan put in place for managed macOS devices. I.e. On Android I had to Forget/Connect but that worked fine.
The cert was last replaced 3 years ago in 2017 using the same authority used for this certificate. I think the real headache event was some years prior to that (prior to my start here) because the cert used was cross-signed and there were trust issues with one of the signing authorities.
On 4/1/20, 09:47, "Technology Discussion at UVM on behalf of Geoffrey Duke" <[log in to unmask] on behalf of [log in to unmask]> wrote:
Assuming that people run the VPN, they should be able to receive configuration updates while at home and be all set to come to campus as use Wi-Fi. At least, that's the theory. :)
From: Technology Discussion at UVM <[log in to unmask]> On Behalf Of Andrew Hendrickson
Sent: Wednesday, April 1, 2020 9:39 AM
To: [log in to unmask]
Subject: Re: Wireless authentication certificate update
So, just to clarify our situation; we have both old and new certificates available at the moment. But after 4/5/2020 the old certificate will have expired, correct? Thus we will have the old catch-22 of five years ago because most users are currently off campus - they can't get on the UVM network to acquire the new certificate because the old certificate is expired.
Is my assumption correct? I'm just trying to make IT support personnel aware of one of the issues we will be dealing with en masse as we return to business as usual.
On 4/1/20, 8:05 AM, "Technology Discussion at UVM on behalf of Greg Kuchyt" <[log in to unmask] on behalf of [log in to unmask]> wrote:
This work has been done and I've confirmed authentication is working to both UVM and eduroam SSIDs.
On 3/31/20, 12:24, "Technology Discussion at UVM on behalf of Greg Kuchyt" <[log in to unmask] on behalf of [log in to unmask]> wrote:
The certificate that backs the authentication backend for 802.1x wireless networks at UVM (radius.uvm.edu) is set to expire on the 5th. This backend is what serves authentication for the UVM SSID and UVM affiliates who connect to eduRoam (regardless of geographical location) To avoid a support crisis over a weekend, I'm going to promote the new certificate tomorrow morning around 0800. I will update this posting once this has been done.
This will most likely result in the client being required to accept/review the certificate when they re-connect.
The Tech Team has drawn up a KB article for troubleshooting issues with this.