One thing you can arrange is "Oh, you need to trust our Router's security thing" and so you're adding a new private root CA trust, then they "just" issue CA certs which they've arranged for you to trust. This is commonly how corporate and institutional systems are set up, it's a terrible idea but it's very common.
One thing that helps drive it away at work is that we're a University, and essentially all the world's universities have a common authenticated WiFi (because students and perhaps more importantly, academics, just travel from one to another and expect stuff to work, if you got a degree in the last 20 or so years you likely used this, eduroam) but obviously they don't trust each other on this stuff so their sites all use the Web PKI, the same public trust as everybody else, internal stuff might not, but the moment you're asking some History professor to manually install a certificate you might as well assign them a dedicated IT person, so, everything facing ordinary users has public certs from, of course, Let's Encrypt.
> This is commonly how corporate and institutional systems are set up, it's a terrible idea but it's very common.
Tbh makes it kinda sense for those systems, when used only with internal tools and on company devices... but yeah I’d just (of course) Let’s Encrypt if I was setting it up for a client.
No - I have visited two universities in the past month in France and each of them has its own Wi-Fi logins and passwords. And then one more a few months ago in Poland.
AHHHH - I just called a friend of mine at one of the French schools. He told me that this is for researchers only and thsi is why I was given another (permanent) access.
I stand corrected and I apologize. This is actually awesome. Working in the field, this is probably one of the most interesting deployments I have seen over many years and I will have a close look at it now.
One thing that helps drive it away at work is that we're a University, and essentially all the world's universities have a common authenticated WiFi (because students and perhaps more importantly, academics, just travel from one to another and expect stuff to work, if you got a degree in the last 20 or so years you likely used this, eduroam) but obviously they don't trust each other on this stuff so their sites all use the Web PKI, the same public trust as everybody else, internal stuff might not, but the moment you're asking some History professor to manually install a certificate you might as well assign them a dedicated IT person, so, everything facing ordinary users has public certs from, of course, Let's Encrypt.
Edited to name eduroam specifically.