Greg Hammond

Your Certificate Expired and Broke My Device  Certs are easy to manage, said no one Certificates are a wonderful thing for security but a horrid one for management, especially if you have no formal process in place for renewing them. A quick web search will turn up countless posts and articles about expired certs breaking organizations and causing chaos. This post is not about managing their expiration as I believe operational leaders need to make it a priority in the months prior and have a formalized plan. Instead I will focus on the technical side of supporting users and departments from a network administration perspective. Most network professionals know the certificates on their devices do not hinder client connectivity. The obvious caveat to that is when you forget to update your EAP cert(s) or use your infrastructure as the CA. However when something doesn't connect to the network we all know the phone calls or tickets that come in saying the network is down or your certi...

  802.1X Easy Updated 3/19/2025 It seems I like doing things the hard way sometimes. Packetfence was that next thing. After much trial and error I fell back to something simpler that I already had running. OPNSense with FreeRADIUS. My goal is to create a wifi lab that utilizes Dot1X to better understand how enterprise wifi works. While my day job does allow me troubleshoot it, I cant easily test and play around with it. My setup is basic but that's what makes this so great and accessible for people without the space or extra money for power hungry devices. An OPNSense VM running on Proxmox (Or a standalone device) A Cisco 3560 desktop style gigabit POE switch 2 Unifi AP AC Lites And that's really all you need. You could even go a little cheaper with a basic POE switch if you don't plan on doing wired Dot1X. Once your OPNSense instance is setup you just need to download the FreeRADIUS plugin then you can begin configuring Dot1X. Configuration You'll want to crea...