...
1) The server names need to be listed in the eduroam database
2) There needs to be at least one non-nominative contact for the entity in the eduroam database
An example entry in the ro.json file is below (entries are placed between "coordinates" and "info_URL"):
"coordinates":"49.62,6.15",
"server":[
  {
    "server_name":"server1.eduroam.tld",
    "server_type": 1
  },
  {
    "server_name":"server1.eduroam.tld",
    "server_type": 2
  }
],
"contact":[
  {
    "name":"eduroam Feedback",
    "email":"feedback@eduroam.tld",
    "phone":"+9994244091",
    "type":1,
    "privacy":1
  }
],
"info_URL":[
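Both prerequisites can be checked against an entry before a certificate is requested. The following is an added example, not part of the original page or of the eduroam tooling: the function names are hypothetical, the sample entries are constructed, the hostname syntax check is an extra sanity test, and it assumes that "type": 1 marks a non-nominative contact, as in the sample entry above.

```python
import json
import re

# Constructed sample entries, modelled on the fragment above (not real data).
SAMPLE_OK = json.loads("""{
  "server": [
    {"server_name": "server1.eduroam.tld", "server_type": 1},
    {"server_name": "server1.eduroam.tld", "server_type": 2}
  ],
  "contact": [
    {"name": "eduroam Feedback", "email": "feedback@eduroam.tld",
     "phone": "+9994244091", "type": 1, "privacy": 1}
  ]
}""")
SAMPLE_BAD = json.loads("""{
  "server": [{"server_name": "radius 1.eduroam.tld", "server_type": 1}],
  "contact": [{"name": "Jane Doe", "email": "jane@eduroam.tld",
               "type": 0, "privacy": 0}]
}""")

# Hostname syntax: dot-separated letter/digit/hyphen labels, 1-63 chars each.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"^{_LABEL}(?:\.{_LABEL})+$")
NON_NOMINATIVE = 1  # assumption: "type": 1 = non-nominative, as in the sample

def certificate_names(entry):
    """Distinct server names; the CA puts all of them into one certificate."""
    names = []
    for srv in entry.get("server", []):
        name = str(srv.get("server_name", "")).strip().lower()
        if name and name not in names:
            names.append(name)
    return names

def prerequisite_problems(entry):
    """Return the reasons why an entry does not meet the two prerequisites."""
    problems = []
    names = certificate_names(entry)
    if not names:
        problems.append("no server names listed")
    problems += [f"invalid server name: {n!r}" for n in names
                 if not _HOSTNAME.match(n) or len(n) > 253]
    contacts = entry.get("contact", [])
    if not any(c.get("type") == NON_NOMINATIVE for c in contacts):
        problems.append("no non-nominative contact")
    return problems
```

An empty list from `prerequisite_problems` means both prerequisites are met; `certificate_names` lists the names to expect in the issued certificate.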
Once these prerequisites are fulfilled, you can access the Certificate Management interface from the NRO Management page:
You need to select the institution for which you want a RADIUS/TLS certificate, and to upload a CSR. The interface provides an openssl command line with which you can generate a compatible CSR.
The CA will issue certificates only with information that is vetted, i.e. confirmed correct as per the eduroam database. In particular,
- the hostname(s) given in the CSR's CN and/or subjectAltName extensions are ignored
- the Organisation field (O) will be ignored and replaced by either "NRO of <country>", or by the name of the IdP/SP as given in the eduroam database.
The certificate will always contain the RADIUS/TLS server names that are listed in the eduroam database, all in one certificate.
It takes at least 2 minutes before the request is processed and the certificate is issued. You can download the certificate from the management interface by pushing the corresponding "Display" button.
...