In my continued quest for more security on my home network, I wanted to implement WPA2-Enterprise. This post details how.
I have a USG (the “old” three-port version), a Cloud Key (not relevant) and several UniFi APs. The USG is running the RADIUS server.
The TL;DR is as follows:
- Create and generate certificates for your own Certificate Authority. This blog has details in this post: Create an SSL certificate chain and your own root certificate authority
- Use your CA certificate, place it on the USG
- Edit FreeRADIUS’ eap.conf
- Make it permanent by creating a post-config.d script
- Generate client certificates for all devices that need to connect wirelessly
- Link the CN from the client certificate to an entry in the RADIUS users
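The client-certificate steps above, sketched with the `openssl` CLI. This is an added example, not the commands from the original post: the throwaway CA stands in for the one created in the linked post, and the names `Home-Lab-CA` and `laptop-alice` are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: issue a per-device client certificate and read back the CN
# that has to match the RADIUS user entry. All names are placeholders.
set -euo pipefail

# Create a throwaway root CA in directory $1 (stand-in for your own CA).
make_ca() {
  local dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Home-Lab-CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
}

# Issue a client certificate for device $2, signed by the CA in $1.
# clientAuth limits the certificate to authenticating a client.
issue_client() {
  local dir=$1 cn=$2
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$cn" \
    -keyout "$dir/$cn.key" -out "$dir/$cn.csr" 2>/dev/null
  printf 'extendedKeyUsage=clientAuth\nkeyUsage=digitalSignature\n' \
    > "$dir/client.ext"
  openssl x509 -req -in "$dir/$cn.csr" \
    -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
    -days 30 -extfile "$dir/client.ext" -out "$dir/$cn.pem" 2>/dev/null
}

# Print the CN of certificate $1: the value to link to a RADIUS user.
cert_cn() {
  openssl x509 -in "$1" -noout -subject -nameopt multiline \
    | sed -n 's/^ *commonName *= *//p'
}

# Succeed only if certificate $2 chains to CA $1 and is valid as a client.
verify_client() {
  openssl verify -CAfile "$1" -purpose sslclient "$2" >/dev/null 2>&1
}
```

Run `verify_client` against the CA file that is placed on the USG before distributing a certificate: a certificate signed by any other CA, or one without the client-authentication usage, fails this check.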
For details, read more, but be warned: this is a long read!