Office client infrastructure

Wireless

SSID’s

We’re maintaining two wireless SSID’s:

SSID

Usage

Access method

DeathStar

Internal WLAN

X.509 SSL client certificate

GuestStar

Guest WLAN

Vouchers

Guests can connect to the GuestStar network. Just give them a voucher for it and they’re fine to go.

DeathStar on macOS & iOS

To connect to the DeathStar WLAN, use the following configuration with macOS & iOS:

Mode

EAP-TLS

Identity

X.509 SSL client certificate

Username

Must match the CN of the certificate (i.e. your full name)

DeathStar on Linux

If you’re running Linux, use the following configuration:

Security

WPA & WPA2 Enterprise

Authentication

TLS

Identity

Must match the CN of the certificate (i.e. your full name)

CA certificate

confirmCA

Private key

X.509 SSL client certificate

DeathStar on Windows

If you’re a Windows (10) user (shame on you), use the following pain-in-the-ass thanks to an obviously mentally ill Microsoft developer who wants to see the world burn:

  • Add to confirmCA and trust it (rename to *.crt & add to trusted root CA store)

  • Add the user X.509 SSL client certificate

  • Do NOT try to connect to the DeathStar WLAN at all (this is important, no joke)

  • In case you did try before, right-click the DeathStar WLAN and choose Forget

  • Hit Windows + R and enter control

  • Go to Network and Internet and then Network and Sharing Center

  • Click on Set up a new connection or network

  • Select Manually connect to a wireless network

  • Use DeathStar as network name with WPA2-Enterprise as security type

  • Uncheck both checkboxes (auto start connection & connect even if not broadcasting)

  • Click Next

  • Click on Change connection settings (this only appears if WLAN wasn’t configured before)

  • Go to Security and change the authentication method to Smart Card or other certificate

  • Click on Settings

  • Select confirmCA as trusted root certificate authority

  • Check the checkbox Use a different user name for the connection

  • Confirm the settings

  • Connect to the DeathStar

  • Select your certificate

  • The user name must match the CN of the certificate (i.e. your full name)

Hint

Please note, when you did something wrong in Windows, there’s IMHO way to open the non-retarded WLAN settings again. You’ve to forget the WLAN network and start adding it manually again. You can always open the Windows 10 kindergarden / retarded WLAN settings, but not the classic / non-retarded ones.

Warning

If you dare asking me, Dominique Barton, if I can help you connecting your crappy & shitty Windows notebook to the WLAN, you better get some lube, because I’ll probably shove that thing up your arse. Try it yourself or FFS get a proper OS (Linux or macOS).

X.509 SSL client certificate

We make use of client certificates which are issued by a private CA. You need to install your personal certificate, so that you’ve full access to the office infrastructure.

Hint

To create a new certificate, head over to the confirmCA section.

Client certificate on iOS

The most straight-forward way to install the certificate on iOS is to:

  • Send the PFX certificate by e-mail to yourself

  • Open the certificate on iOS

  • Enter your iOS PIN number or password

  • Enter the certificate passphrase secret

  • Click on Install

Client certificate on Android

The most straight-forward way to install the certificate on Android is to:

  • Rename the .pfx filename extension to .p12

  • Transfer the P12 certificate to your phone

  • Go to Settings -> Passwords & Security -> Privacy -> Encryption & Credentials -> Install from storage

  • Select the P12 certificate to install from storage

  • The passphrase is secret

Client certificate on macOS

The most straight-forward way to install the certificate on macOS is to:

  • Copy the PFX certificate to your Mac

  • Open the Keychain Access application

  • Drag-n-drop the PFX certificate into the Keychain Access / login keychain

  • Enter the certificate passphrase secret

  • Right-click on the certificate and then New Identity Preference…

  • Enter *.confirm.ch

Client certificate on Windows

When adding the certificate on Windows do this:

  • Copy the PFX certificate to your Windows machine

  • Open the certificate

  • Select Current User in the welcome screen

  • Accept the file name of the certificate (should be the PFX file)

  • Enter the certificate passphrase secret and accept all other default values

  • Let Windows automatically select the certificate store based on the type of certificate

  • Finish the installation

Printer

Colour Laser Printer

We’re using a Kyocera ECOSYS M6035cidn colour laser printer. You can find the drivers right here on the Kyocera Page.

The printer’s reachable within our office via hostname laser-printer.confirm.ch and protocol Line Printer Daemon (LPD). Please make sure you select the right driver and add an additional Paper Feeder.

There’s also a WebUI available.

Hint

The credentials can be found in the Enpass vault.

Inkjet Printer

We’re using an EPSON ET-8550 colour inkjet printer. You can find the drivers right here on the EPSON Page.

The printer’s reachable within our office via hostname inkjet-printer.confirm.ch and via AirPlay.

Hint

The credentials can be found in the Enpass vault.

Important

This printer shall only be used for marketing purposes!

Scanner

We’re using a Fujitsu ScanSnap iX500 scanner. You can easily scan document with your mobile phone by downloading the ScanSnap Connect App from the iTunes Store.

Sonos

We ♥ music - music is awesome! Therefore we use Sonos and you might be interested in the Sonos Controller App.

Badge reader

This is the instruction for the access system in our office. The access system which we use is from Salto Systems AG.

Add/Delete user card

  • Present the programming key once on the reader

  • Present all user key that you want to add/remove to the system

  • When a new user key is added to the system the light will be green

  • When a old user key is deleted from the system the light will be red

  • Close Programming mode by:

    • presenting the programming key again

    • Or wait 5 seconds for the lock to close the programming mode itself

  • (a single beep will be heard)

Activate office mode

  • Activating the office mode is like adding/deleting users to the system

  • Present the office key once on the reader

  • Present all user key that you want to activate or deactivate the office mode

  • When a new user key is added to the office mode the light will be green

  • When a old user key is deleted from the office mode the light will be red

  • Close office mode by:

    • presenting the office key again

    • Or wait 5 seconds for the lock to close the office mode itself

  • (a single beep will be heard)

Download Salto programming guide