Wirelessยถ

SSIDโ€™sยถ

Weโ€™re maintaining two wireless SSIDโ€™s:

SSID

Usage

Access method

confirm clients

Clients WLAN

mTLS client certificate

confirm devices

Devices WLAN

Passphrase

confirm guests

Guest WLAN

Vouchers

Hint

Guests can connect to the confirm guests network. Just give them a voucher for it and theyโ€™re fine to go.

Guest vouchersยถ

To create new guest vouchers, login into the UniFi Cloud Key, and go to:

  1. Insights (sidebar)

  2. Hotspot (top-level tab)

  3. Vouchers (sub-level tab)

Wireless client on macOS & iOSยถ

To connect to the confirm clients WLAN, use the following configuration with macOS & iOS:

Mode

EAP-TLS

Identity

Client certificate

Username

Must match the CN of the certificate (i.e. your username)

Wireless clients on Linuxยถ

If youโ€™re running Linux, use the following configuration:

Security

WPA & WPA2 Enterprise

Authentication

TLS

Identity

Must match the CN of the certificate (i.e. your username)

CA certificate

confirmCA

Private key

Client certificate

Wireless clients on Windowsยถ

If youโ€™re a Windows (10) user (shame on you), use the following pain-in-the-ass thanks to an obviously mentally ill Microsoft developer who wants to see the world burn:

  • Add to confirmCA, and trust it (rename to *.crt & add to trusted root CA store)

  • Add the client certificate

  • Do NOT try to connect to the confirm clients WLAN at all (this is important, no joke)

  • In case you did try before, right-click the confirm clients WLAN, and choose Forget

  • Hit Windows + R, and enter control

  • Go to Network and Internet, and then Network and Sharing Center

  • Click on Set up a new connection or network

  • Select Manually connect to a wireless network

  • Use confirm clients as network name with WPA2-Enterprise as security type

  • Uncheck both checkboxes (auto start connection & connect even if not broadcasting)

  • Click Next

  • Click on Change connection settings (this only appears if WLAN wasnโ€™t configured before)

  • Go to Security, and change the authentication method to Smart Card or other certificate

  • Click on Settings

  • Select confirmCA as trusted root certificate authority

  • Check the checkbox Use a different user name for the connection

  • Confirm the settings

  • Connect to the confirm clients

  • Select your certificate

  • The user name must match the CN of the certificate (i.e. your full name)

Hint

Please note, when you did something wrong in Windows, thereโ€™s IMHO way to open the non-retarded WLAN settings again. Youโ€™ve to forget the WLAN network, and start adding it manually again. You can always open the Windows 10 kindergarden / retarded WLAN settings, but not the classic / non-retarded ones.

Warning

In case youโ€™re thinking in asking me, Dominique Barton, if I can help you connecting your crappy & shitty Windows notebook to the WLAN: No โ€“ step on a LEGO! Try it yourself, or FFS get a proper OS (Linux or macOS). Microsoft & Windows is a disgrace to humanity!