Set up for IT Lab Debian / Ubuntu APT package repository.
Supported APT-based distributions:
Debian
Ubuntu
The following commands all use sudo
,
assuming that you are not logged in to your system
as root
. If you are logged in
as root
, remove sudo
from
the commands before running them.
Configure APT Source
Ensure that the apt-transport-https and gnupg packages are installed, so that apt commands can access this repository, and verify package signatures:
% sudo apt-get install -qq -y apt-transport-https gnupg
Add the GPG Key
Add the GPG key to verify package / manifest signatures:
% sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 7CBDD8B10F39DA6C
If that method does not work (probably because of firewall rules), use this instead:
% curl -s https://repo.itlab.stanford.edu/keys/itlab.key | sudo apt-key add -
Configure APT Sources
Save the following on your system as /etc/apt/sources.list.d/itlab.list:
deb https://repo.itlab.stanford.edu/ DISTRO main
Replace DISTRO with one of the support distributions
Update APT
Update your local APT cache to pick up the ET packages:
% sudo apt-get update
This is the YUM repository. TBD.
Set up for IT Lab Alpine APK package repository.
The following commands all use sudo
,
assuming that you are not logged in to your system
as root
. If you are logged in
as root
, remove sudo
from
the commands before running them.
Add the repository signing key
Add the RSA key to verify package / manifest signatures:
% sudo wget -q -O /etc/apk/keys/admin@itlab.stanford.edu-5fb5ccf9.rsa.pub \
https://repo.itlab.stanford.edu/keys/admin@itlab.stanford.edu-5fb5ccf9.rsa.pub
Configure APK Sources
Add the following line to /etc/apk/repositories:
https://repo.itlab.stanford.edu/alpine/community
Update APK
Update your local APK cache to pick up the ET packages:
% sudo apk update
This is the Maven repository. TBD.
Keys used to verify signatures on local packages. Installation is covered in the appropriate repository tab (APT, ).
Both CloudPath and the Stanford CK Installer install the Cardinal Key Certificate Chain (CA) chain and configure devices to only trust the Stanford eduroam Identity Provider (IdP).
If you are not using Cardinal Key for eduroam you should still install the Cardinal Key CA Chain so that your client can verify the identity of the Stanford's eduroam IdP.
Different operating systems have different requirements for installing CA certificates. In most situations the Default chain will work, using the .cer format for Windows, and usually the .pem format for other operating systems.
MacOS
Download the .pem formatted Cardinal Key Chain file. Double clicking the cardinalkey-chain.pem file should start Keychain Access and import the certificates.
iOS / iPhone OS / iPad OS
Download the .pem formatted Cardinal Key Chain file. Follow the popups / prompts to download the profile. After the download completes, go to Settings and tap on Profile Downloaded and continue following the popups / prompts to install the profile.
Android 11 (optional for 9 and 10)
Android 11 has removed the option to not validate the RADIUS server certificate, so you'll need to download the Cardinal Key Root CA certificate in .cer format to your Android device, then follow Google's instructions to install the certificate.
When prompted to choose the uses for the certificate(s), select both VPN and apps and Wi-Fi options; when prompted to name the certificate use Cardinal Key Root.
Windows
Download the .cer formatted Cardinal Key Chain file. Double click on the file to start installing it.
These are not the certificates you are looking
for...
unless you've been asked to
test, in which case they are the
certs you are looking for.
If you've been asked to test with LSJU Keys, follow the instructions for Cardinal Key, but use these links:
Connect with us