1.0.6 multi ssid and non-exportable macos certs #516
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issues
What does this solve?
In previous versions of the radius example scripts, multiple SSIDs could be specified as long as those SSIDs did not have a space in the name. Some SSID set like "network_5G network_2.5G" would have been valid in a previous release whereas "network 5G network 2.5G" would not. In this release, space is no longer a delimiter to split network names, instead, the semicolon ";" is used to split network names. In this release setting the
$NETWORKSSID
variable to "network 5G;network 2.5G" would assign a macOS user's wifi certificate to both networksnetwork 5G
andnetwork 2.5G
In addition this release changes the import certificate macOS security commands slightly by adding the
-x
flag which prevents the certificates from being exported from the keychain after installation.Is there anything particularly tricky?
NA
How should this be tested?
In the radius
config.ps1
file, change the$NETWORKSSID
variable to a string with several network names one of which should have a space in the name.Generate and distribute a set of certs to a test user on a VM, when the certificate is distributed and installed on the user's device, the certificate should be set to automatically apply when connected to each network specified in the
$NETWORKSSID
variable.Furthermore the installed certificate should no longer be exportable once it's in the user's keychain
Screenshots
In this screenshot both networks
TP-Link_3832
andSome network with a space
were set to use the installed certificate for authentication after the certificate was installed:After the certificate was installed, it can no longer be exported by right-clicking the private key and selecting export. The following error should be displayed when a user attempts to export this installed certificate.