Secure Wireless :: How to Connect :: HSU-Owned Mac OS X 10.6 Systems

Printer-friendly versionSend to friendPDF version

FOR USE BY TECHNICAL PERSONNEL ONLY

Before You Start

Ensure that the computer is as up to date as it can be and that you have administrative access. The machine should already be bound to Active Directory.

Configuring the Computer

Step 1: Click on the AirPort icon in the status menu bar.

Airport Icon
Step 2: Ensure AirPort is turned ON.

Turn Airport On
Step 3: Click on the AirPort icon in the status menu bar again.

Airport Icon
Step 4: Select Join Other Network.

Join Other Network
Step 5: Select WPA2 Enterprise for Security.

Set Security Type to WPA2 Enterprise
Step 6: Enter the name HSUWireless-Secure exactly as shown below and then:

  • Enter your HSU User Name and Password
  • Ensure 802.1X is set to Automatic.

If only one individual uses this computer, check Remember this network, otherwise leave this option unchecked
Click Join.

Enter HSUWireless-Secure (VERY important - this name is CASE SENSITIVE) into the Network name field. - Enter your HSU User Name and Password - Ensure 802.1X is set to Automatic. - Ensure Remember this network is Checked. - Then click Join.
Step 7: A Verify Certificate window will appear. Click Show Certificate.

A Verify Certificate window will appear since there are no explicit trust settings. - Click Show Certicate.
Step 8: Ensure that the certificate is valid by checking that it:

  • has not expired
  • is issued to wireless.humboldt.edu
  • was issued by Verisign

Ensure Always trust wireless.humboldt.edu is checked and click Continue.

IMPORTANT: DO NOT CLICK CONTINUE IF THE CERTIFICATE DOES NOT AUTHENTICATE.

Inspect the certificate for authenticity.
Step 9: If prompted to do so, enter the Administrative User Name and Password for this computer and click OK.

You may be prompted to enter your machines Administrative password. - Then Click OK.
Step 10: Click on the AirPort icon in the Status Menu Bar and then on Open Network Preferences.

Click on the Airport Radio icon in the Status Menu Bar. - Click Open Network Preferences.
Step 11: Click Advanced.

Click the Advanced button.
Step 12: On the AirPort tab, locate the Preferred Networks box and drag the HSUWireless-Secure network so that it is above the HSUWireless network. This will ensure the user always connects securely.

Click OK.

On the AirPort tab, Locate the Preferred Networks box. - Drag the HSUWireless-Secure network above the HSUWireless network to ensure you always connect securely. - Ensure Disconnect from wireless networks when logging out is checked.
Step 13: Click the 802.1X tab and then:

  • Expand the User Profiles list
  • Click on WPA: HSUWireless-Secure.
  • Click on the minus sign at the foot of the box to remove it

Step 14: Click the [+] sign to add a new profile.

Step 15: Select Add Login Window Profile

Step 16: Name the login window HSUWireless-Secure and

  • Ensure the TTLS and PEAP protocols are checked
  • Ensure the Wireness Network is set to HSUWireless-Secure
  • Ensure the Security Type is set to WPA2 Enterprise

Step 17: Click Configure Trust

Step 18: Click the [+] sign at the bottom of the Certificates window

Step 19: Click on Select Certificate from Keychain

Step 20: Select the wireless.humboldt.edu certificate. Verify that the certificate is authentic and has not expired, and then click OK.
Step 21:  Click on the Servers tab and then on the [+] sign

  • Enter wireless.humboldt.edu.

Click OK.

Click on the Servers Tab. Then Click the + sign and enter type in wireless.humboldt.edu. -Then Click OK.
Step 22:  Click OK on the 802.1X Properties Tab.

Then Click OK on the 802.1X Properties Tab.
Step 23: Click Apply and close the network window.

 

Step 24: Log out of the admin account on this machine via the Apple menu.

Step 25: The machine will now use the same credentials entered for managed login for the secure wireless network. There may be a longer delay during login while the Wireless AirPort associates.

NOTE:

You'll need to tell the user that the Network Accounts Available notification will now read Network Access Requires Login. If the HSUWireless-Secure network is unavailable, the user will still be able to access the Internet provided they have successfully logged into the machine before and have cached credentials.

If the user has never used wireless before at HSU, there are a couple more one-time they will need to take:

  • When you are setting this up, open a browser and have the user accept the HSU Appropriate Use Policy by signing the document digitally using their HSU User Name and Password.
  • They may also need to install the PolicyKey software. Follow the on-screen instructions to download and install the software if it is not already installed.

IMPORTANT: If you see a certificate error when you attempt to connect to HSUWireless-Secure for the first time, the computer may not have the required certificates. Follow the instructions below to download and install the necessary certificates onto the Mac.

Installing the Verisign Root Certificate under OS X 10.6

Step 1: To download the required root certificate, right-click on this link and save it to the desktop.

Step 2: Click Close after the software has finished downloading.

To avoid any certificate trust errors, you also need to install the Verisign Secondary Intermediate Certificate. Here's how:

Step 3: To download the required intermediate certificate, right-click on this link and save it to the desktop.

Step 4: Click Close after the software has finished downloading.

Step 5: Open Keychain Access by clicking on Go in the Finder menu and then select Utilities.

To open Keychain Access, start by clicking on Go in the Finder menu and the select Utilities.

Step 6: When the Utilities window opens, locate and double click on the Keychain Access icon

When the Utilities window opens, look for and double click on the icon named Keychain Access. The Keychain Access icon is displayed below

Step 7: In the Keychain Access window, go to the Keychain Access menu at the top and

  • Select File
  • Click on Import Items.

With the Keychain Access window now open, go to the Keychain Access menu at the top and select File and then click on Import Items.

Step 8: Another Keychain Access window will appear. Browse to the certificate files on the dekstop.

  • Highlight the first certificate
  • Ensure the Destination Keychain from the drop down list below is set to login
  • Click Open.

Another window will appear. In this window, you should browse to location (your Desktop) of the certificate files on your computer. When you have highlighted the first certificate, ensure the Destination Keychain from the drop down list below is set to login, then click Open.

Step 9: Repeat steps 5 through 8 to install the secondary certificate.

You will now need to repeat steps 3-4 for the required secondary certificate.

Step 10: Restart the Mac. You should now be able to connect to the secure wireless network. If you experience problems, contact the Technology Help Desk at (707) 826-4357 for further advice.

 

Related Topics

Secure Wireless
feedback