Julkaistu kehittämis- tai tutkimusraportti taikka -selvitys (D4)

Best Practice Document: Server Certificate Practices in eduroam

Julkaisun tekijät: Tomi Salmi, Tuukka Vainio

Kustantaja: GÉANT

Julkaisuvuosi: 2015

Kirjan nimi *: Best Practice Document: Server Certificate Practices in eduroam

Verkko-osoite: http://services.geant.net/cbp/Knowledge_Base/Wireless/Documents/cbp-33_server-certificate-practices-in-eduroam.pdf


Certificates are extensively used in telecommunications to enable both parties to verify with whom they are communicating. Certificates are also used in the international roaming system eduroam. In eduroam it is important that users can verify that they are communicating with the correct authentication server before submitting their username and password.

Anyone can create a limitless number of self-signed certificates free of charge. Another option is to choose a public Certification Authority (CA) to issue the certificate. A self-signed certificate offers some security advantages in eduroam environment so it is the preferable option for those with CA expertise. The document describes the differences between private and public CAs. When creating and distributing certificates, it is important to pay attention to certificate properties to achieve the best possible compatibility with different end devices.

Using automatic provisioning tools like eduroam CAT makes life easier for eduroam end users. The tool makes end-device configuration and certificate installation a lightweight procedure.

Last updated on 2021-24-06 at 10:51