Wirelessยถ

SSIDโ€™sยถ

Weโ€™re maintaining two wireless SSIDโ€™s:

SSID

Usage

Access method

confirm clients

Clients WLAN

mTLS client certificate

confirm devices

Devices WLAN

Passphrase

confirm guests

Guest WLAN

Vouchers

Hint

Guests can connect to the confirm guests network. Just give them a voucher for it and theyโ€™re fine to go.

Guest vouchersยถ

To create new guest vouchers, login into the UniFi Cloud Key, and go to:

  1. Insights (sidebar)

  2. Hotspot (top-level tab)

  3. Vouchers (sub-level tab)

Wireless client on macOS & iOSยถ

To connect to the confirm clients WLAN, use the following configuration with macOS & iOS:

Mode

EAP-TLS

Identity

Client certificate

Username

Must match the CN of the certificate (i.e. your username)

Wireless clients on Linuxยถ

If youโ€™re running Linux, use the following configuration:

Security

WPA & WPA2 Enterprise

Authentication

TLS

Identity

Must match the CN of the certificate (i.e. your username)

CA certificate

confirmCA

Private key

Client certificate

Wireless clients on Windowsยถ

If youโ€™re a Windows (10) user (shame on you), use the following pain-in-the-ass thanks to an obviously mentally ill Microsoft developer who wants to see the world burn:

  • Add to confirmCA, and trust it (rename to *.crt & add to trusted root CA store)

  • Add the client certificate

  • Do NOT try to connect to the confirm clients WLAN at all (this is important, no joke)

  • In case you did try before, right-click the confirm clients WLAN, and choose Forget

  • Hit Windows + R, and enter control

  • Go to Network and Internet, and then Network and Sharing Center

  • Click on Set up a new connection or network

  • Select Manually connect to a wireless network

  • Use confirm clients as network name with WPA2-Enterprise as security type

  • Uncheck both checkboxes (auto start connection & connect even if not broadcasting)

  • Click Next

  • Click on Change connection settings (this only appears if WLAN wasnโ€™t configured before)

  • Go to Security, and change the authentication method to Smart Card or other certificate

  • Click on Settings

  • Select confirmCA as trusted root certificate authority

  • Check the checkbox Use a different user name for the connection

  • Confirm the settings

  • Connect to the confirm clients

  • Select your certificate

  • The user name must match the CN of the certificate (i.e. your full name)

Hint

Heads up: once youโ€™ve messed something up in Windows, thereโ€™s AFAIK no way to reopen the proper (classic) WLAN settings dialog again. You have to forget the network and re-add it manually. Windows will happily give you the dumbed-down Windows 10 settings panel, but not the classic one.

Warning

To anyone considering asking me, Dominique Barton, to connect their sad little Windows notebook to WLAN: No. No! Go step on a LEGO. Figure it out yourself, or for the love of all that is holy, get a real OS (Linux or macOS). Microsoft and Windows are a crime against humanity โ€” and possibly against good taste, networking, and your remaining sanity.