Privacy and Security Notice

CC Home | JLAB Home | JLAB Internal

Helpdesk | Services | Scientific Computing | Networks | Telecommunications | CAD/CAE | Policies

jlab_secure Wireless (WPA) Certificate Update Instructions

For users of the jlab_secure wireless network, an important certficate used to establish the secure connection is nearing expiration and must be updated with a renewed certificate. The new certificate is available on the central file systems, and the procedure below should be used to update your system. Overall, the process is simply to copy in the new certificate and then restart the wireless subsystem.

Note: This procedure is only for RHEL3 systems configured for wireless networking using the standard Computer Center procedure. For other configurations, the new certificate is available in /site/etc/certs/CAcert-2008.cer while the current certificate is available in /site/etc/certs/CAcert-2006.cer. Your system will need the 2006 certificate until the wireless server itself is updated on May 13th. After that time, the new certificate will be required. Most clients should be able to have both certificates installed so they will work before and after the server update.

Copy the NEW CA certificates to your system.

Copy the JLab secure Certificate Authority trusted certificates to a directory in /etc, e.g., /etc/certs/. By executing the following command as root. Note that the single file contains all the necessary certificates. 
  cp /site/etc/certs/CAcert-2008.cer /etc/certs

Disconnect from jlab_secure

  1. Release your DHCP lease and shutdown the interface. 
      /etc/sysconfig/network-scripts/ifdown ath0
  2. Disable the WPA link. 
      /usr/local/sbin/wpa_cli
  terminate
  quit
  3. Either eject your PC card or kill the wpa_supplicant process.

Re-Connecting to jlab_secure

  1. Insert your wireless card.
  2. Enter the following command (as root) to start WPA authentication: 
      /usr/local/sbin/wpa_supplicant -iath0 -c/etc/wpa_supplicant.conf -B
  3. Enter the following command (as root) to enter the WPA client: 
      /usr/local/sbin/wpa_cli
  4. Enter the following commands to authenticate: 
      identity jlab_secure YOUR_JLAB_USERNAME
  password jlab_secure YOUR_JLAB_PASSWORD
  5. If properly authenticated, you should get a prompt stating: "WPA: Key negotiation completed with [number]" When you see this, you are authenticated. NOTE: This authentication may take a while (1-5 minutes depending on the speed of your laptop). If you want to check the status of the negotiation, you can type status at the wpa_cli prompt. Please be patient during this negotiation.
  6. Exit out of wpa_cli 
    quit
  7. Re-Start your DHCP client. 
    /sbin/dhclient ath0
  8. You're connected.

This document is maintained by {helpdesk@jlab.org}

Copyright Jefferson Lab 2007