Configuring MacOSX Tiger (v10.4) wireless client for TTLS+PAP (v3.0, 27th Feb 2014)

Described here are the steps involved in configuring the MacOSX v10.4 (aka Tiger) wireless client to use eduroam, authenticating via TTLS+PAP. Your home site will be able to tell you whether TTLS+PAP is the appropriate authenticiation method that you should use.

Wherever you see the icon in the instructions below you can click on the text beside it to display further information and click on it again to hide the detailed text once more. Click on an image to open a larger version in a new browser window.

Information you will need

To complete these instructions you'll need some information specific to your home site/organisation, plus your own credentials, as listed below. If any of the details in your wifi profile are incorrect then your authentication will fail and you will not gain wifi access via eduroam. The IT department of your home site will be able to provide you with these details:

Information requiredSample string in the instructions below
Your home site's domain name as would appear in, for example, your e-mail address e.g. ucd.iemysite.ie
[OPTIONAL] The name of the CA certificate used by your home site for eduroam. You will not require this if your site is using a public CA which is already defined on your iPhone.Cybertrust Educational CA
The name on the SSL certificate presented by the authentication server at your home site e.g. tweedledum.ucd.iecertname.mysite.ie
The username you use to authenticate against your home account. Note the inclusion of your domain name e.g. jsoap@ucd.iemyname@mysite.ie
The password you use to authenticate against your home account.mypassword

Configuration instructions

The instructions below are broken into two sections:

Notes on the MacOSX Tiger wireless client

Create a wifi profile

Follow these steps to create your eduroam wifi prodile:

  1. Click on the wireless icon (in the menu bar at the top of the screen).
    Select Open Network Preferences....
    Click 802.1X (this button might not be immediately visible in which case you'll have to click on the rightmost arrow icon to see it, as shown in this image).
  2. Click Configuration: pull-down menu.
    Select Edit Configurations...
  3. Click + in bottom left corner of window.
    Define the profile details:
    Description: eduroam
    Network Port: Airport
    User Name: myname@mysite.ie
    Password: mypassword
    Wireless Network: eduroam
    Authentication:Select the tickbox beside TTLS and un-select all the others.

    Further info on credential settings

  4. Select TTLS and click Configure...
    Enter details as follows:
    TTLS Inner Authentication: PAP
    Outer identity: anonymous@mysite.ie

    Click OK

  5. To make eduroam your preferred network, within the left pane drag the eduroam entry to the top of the list of networks/configurations.
    Click OK

Your wireless client is now configured to avail of eduroam and should connect automatically when at a site where the eduroam service is available.

Using eduroam for the first time

When you use your new eduroam profile for the first time you will be required to verify the details of the authentication server you are talking to, as follows:

  1. A "Verify Certificate" pop-up window will display on your screen.
    Click Show Certificate
  2. Compare the details shown against those certificate details provided by your home site, as described earlier:

    If CA certificate name (in the upper pane) matches Cybertrust Educational CA and SSL certificate name (in the lower pane) matches certname.mysite.ie, then do the following to proceed with your wifi connection:
    Select Always trust "certname.mysite.ie"
    Click Continue

    Otherwise, click Cancel to disconnect from this potentially fake server and report the incident to your home site as soon as possible.

If you follow the instructions above then this manual verification step will happen once only, and on subsequent connections to eduroam you will not need to repeat this verification process.

Further info on certificate verification