USHER Transition - Special Instructions for Mac OS X Wireless Users

The University transitioned from certificates issued by the CREN root certificate authority to certificates issued by the USHER root certificate authority on Tuesday, July 31, 2007. Existing Mac wireless users (not users setting up for the first time) will need to follow these instructions after they obtain their new USHER user certificate and before Monday, August 13, 2007 in order to have uninterupted connectivity to UVa encrypted wireless networks.

Do not proceed with these instructions unless you have obtained a new certificate after Tuesday, July 31, 2007.

Instructions

Manually selecting the new USHER issued client certificate

  1. From the AirPort menu, select Open Internet Connect....
    Mac OS X - Open internet connect
  2. Click the 802.1x icon.
  3. From the Configuration dropdown select Edit Configurations....
    Mac OS X - Edit 802.1x configurations.
    1. Make sure their is only one Cavalier Wireless Network Profile (if there is more than one, delete the extras by selecting them in the list and clicking the (minus) button below the list).
    2. Click the Configure button.
    3. From the Select your TLS certificate dropdown, select the highest number certificate.
      Mac OS X 10.4 wireless server certificate validation.
    4. Click the OK button to close the Select Certificate window.
  4. Click the OK button to save your configuration change.
  5. Quit the Internet Connect utility.

Install the Root Certificate

  1. Download the Wireless Configuration Bundle to your desktop or your designated download folder.
  2. If it doesn't mount automatically, locate and double-click on the wirelessbundle.dmg file to mount the Wireless Bundle disk image.
  3. From the Wireless Bundle disk image, locate and double-click the usher-root.cer file (ignore the other file). The Add Certificates window will appear to ask if you would like to add the certificate to the keychain.
    Root Certificate Import Image
    1. From the Keychain drop-down, select X509Anchors.
    2. Click the OK button.
    3. To complete the process, you will be asked to enter your password for your computer.
    4. Click the OK button to close the Add Certificates window.

Trusting the USHER CA Root Certificate

  1. In the Keychain Access utility left column, click Certificates, then locate the USHER CA1 v1 certificate in the list to the right.
    Keychain Access
  2. Double click the USHER CA1 v1 certificate, a USHER CA1 v1 window will appear.
  3. Click the Details triangle to collapse its section.
  4. Click the Trust Settings triangle to expand its section.
  5. From the Extensible Authentication (EAP) drop-down, select Always Trust.
    Keychain Access Change Trust Setting
  6. Close the USHER CA1 v1 window.
  7. Quit the Keychain Access utility.

© 2008 by the Rector and Visitors of the University of Virginia.

The information contained on the University of Virginia’s Department of Information Technology and Communication (ITC) website is provided as a public service with the understanding that ITC makes no representations or warranties, either expressed or implied, concerning the accuracy, completeness, reliability or suitability of the information, including warrantees of title, non-infringement of copyright or patent rights of others. These pages are expected to represent the University of Virginia community and the State of Virginia in a professional manner in accordance with the University of Virginia’s Computing Policies.