How do I verify that the wireless RADIUS servers that I'm using for authentication to 'MIT SECURE' are legitimate?
Before continuing, verify that both the server name (in this case "oc11-wireless-radius-1.mit.edu") and the certificate signing authority (in this case "USERTrust RSA Certification Authority") match. If they do not match, do not continue to connect, and contact the IS&T Help Desk.
Cyber criminals may attempt "man-in-the-middle attacks" by creating fraudulent wireless networks made to look like MIT SECURE. Fraudulent networks won't present the correct certificate(s). You can verify the correct certificates by looking at the fingerprints.
The certificate information is:
Signed by The USERTRUST Network with a root CA of USERTrust RSA Certification Authority.
- Key ID: AF 32 EA 1E 06 E6 2B 78 EA 0D 7F 49 F8 27 4F A0 B3 58 9C 84
- SHA1 Fingerprint: 5F:DA:8C:31:DF:2B:BD:15:DF:ED:36:97:09:57:AD:ED:04:A9:00:FE
- MD5: 0C 9B 33 36 C0 91 A1 DE C2 AA E8 45 F4 54 94 64
- Key ID: 2D 53 A0 C9 53 50 A0 D1 4D 05 05 89 A3 3D 53 8F 90 EE 3D F8
- SHA1 Fingerprint: A2:26:5B:DF:0C:46:CF:D7:11:4F:1C:1E:ED:2B:EA:96:4D:8C:7F:D2
- MD5: E2 C8 12 A0 A4 0C 01 2B 9B 04 E5 32 17 B3 B4 17
Some devices may ask you to verify the name or fingerprint of the Root CA that certifies MIT's Wireless and Eduroam RADIUS servers. Both use the same root CA for certification, so compare the CA name and the fingerprint hash your device shows against the following:
- CA name: USERTrust RSA Certification Authority
- Subject Key Identifier: AD BD 98 7A 34 B4 26 F7 FA C4 26 54 EF 03 BD E0 24 CB 54 1A
- SHA1 Fingerprint: 02 FA F3 E2 91 43 54 68 60 78 57 69 4D F5 E4 5B 68 85 18 68
- MD5: 1D 35 54 04 85 78 B0 3F 42 42 4D BF 20 73 0A 3F
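As an added example (not part of the original article and not an IS&T tool), this Python helper checks a SHA-1 fingerprint, either as displayed by a device or computed from an exported certificate, against the values listed above regardless of separators or letter case. The entry labels are this example's own, since the page does not name the two listed certificates.

```python
import hashlib
import hmac
import re
import ssl

# SHA-1 fingerprints copied as published on this page; the labels are assumptions
# made for this example only.
PUBLISHED_SHA1 = {
    "listed certificate 1": "5F:DA:8C:31:DF:2B:BD:15:DF:ED:36:97:09:57:AD:ED:04:A9:00:FE",
    "listed certificate 2": "A2:26:5B:DF:0C:46:CF:D7:11:4F:1C:1E:ED:2B:EA:96:4D:8C:7F:D2",
    "root CA": "02 FA F3 E2 91 43 54 68 60 78 57 69 4D F5 E4 5B 68 85 18 68",
}


def normalize(fp):
    """Drop separators and case; reject anything that is not a full 20-byte SHA-1."""
    hexonly = re.sub(r"[\s:.-]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]{40}", hexonly):
        # A truncated or mistyped value must never be accepted as a prefix match.
        raise ValueError("not a full SHA-1 fingerprint: %r" % fp)
    return hexonly


def sha1_of_cert(cert):
    """Fingerprint a certificate given as PEM text (str) or DER bytes."""
    der = ssl.PEM_cert_to_DER_cert(cert) if isinstance(cert, str) else cert
    return hashlib.sha1(der).hexdigest()


def match_published(shown, published=PUBLISHED_SHA1):
    """Return the label of the published entry equal to `shown`, or None."""
    candidate = normalize(shown)
    for label, fp in published.items():
        if hmac.compare_digest(candidate, normalize(fp)):
            return label
    return None


if __name__ == "__main__":
    # Constructed input: the first listed fingerprint retyped with spaces, lower case.
    shown = "5f da 8c 31 df 2b bd 15 df ed 36 97 09 57 ad ed 04 a9 00 fe"
    print(match_published(shown) or "NO MATCH: do not connect")
```

A result of None means the presented certificate is not one of the listed ones, which is the "do not continue to connect" case described above.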