For users with laptops not issued by MIAD, there will be a certificate prompt when connecting to the network for the first time.
If you opt to click Continue, you will receive this prompt each time you connect to a new wifi array - of which there are several throughout campus, so you'll want to instruct your Mac to remember this certificate.
You can do so by:
- Click Show Certificate and then Trust.
- Select Always Trust and click Continue
- You'll be prompt for your computer's username and password (not your wifi credentials)
We renew our encryption certificates every 90 days or so, you'll have to do this each time we issue a new certificate, which is about 4 per year (3 per school year).
If you'd like to permanently trust the issuer (and subsequently valid certificates, follow the steps below for your particular device. The steps will only need to be done once.)
Why this Happens:
Your Mac is informing you that you're connecting to a wifi network with a new encryption certificate. It wants you to double-check that you recognize it; if you don't, a bad actor could be MITM (man-in-the-middling) your connection to siphon your data.
It's good practice to check the server name you're connecting to (never blindly accept connection requests) - in this case it will be [servername].miad.edu - the prefix of the server depends on the area of campus you're in. If you're in the building and you see something other than miad.edu when connecting to MIAD's wifi, you'll want to stop by the tech desk as soon as possible.
For users with MIAD-issued laptops, the certificates are pre-authorized, so these prompts should not appear.
How to Permanently Trust the Certificate Issuer (this is OPTIONAL):
With the following steps, by adding the Root CA to your device's trust, you should never again have to trust valid, individual certificates as they are renewed.
First, Obtain the Root CA Certificates:
- Go to https://letsencrypt.org/certificates/
- Download the pem version of the certificate from both: Active and Upcoming to your desktop
- Double-click one of the newly-downloaded .pem files and the Keychain app should launch
- On the preceeding popup "Do you want to add the certificates ... to a keychain?" > click on the pull-down and select X509Anchors
- You should then get a prompt for administrator credentials, this is your Mac's username/password (not MIAD logins) - this is just your Mac confirming the request to add is legitimate and from someone with administrator privileges.
- Repeat the above steps for the other .pem file
- Launch MMC (mmc.exe)
- Choose File > Add/Remove Snap-ins
- Choose Certificates, then choose Add
- Choose My user account
- Choose Add again and this time select Computer Account
- Move the new certificate from the Certificates-Current User > Trusted Root Certification Authorities into Certificates (Local Computer) > Trusted Root Certification Authorities
sudo mkdir /usr/local/share/ca-certificates/extra
cd ~/Desktop && sudo cp *.pem /usr/local/share/ca-certificates/extra
- Select the appropriate certificate while initializing the connection in your network manager/GUI app
Article is closed for comments.