Connect to eduroam with Linux

1. Check Certificate

To establish a secure connection with eduroam you need to use a certificate.
This certificate comes preinstalled on most Linux Distros. Please check if it is already installed on your System. You can find it in the folder /etc/ssl/certs/ . The name is T-TeleSec_GlobalRoot_Class_2.pem.
If this certificate is already installed, go to step 2.

You will find the required certificate here:
https://www.telesec.de/de/root-programm/informationen-zu-ca-zertifikaten/root-zertifikate/
(Direct download: https://www.telesec.de/assets/downloads/PKI-Repository/T-TeleSec_GlobalRoot_Class_2.cer)
Name of the certificate: T-Telesec GlobalRoot Class 2.
Fingerprint: 59 0d 2d 7d 88 4f 40 2e 61 7e a5 62 32 17 65 cf 17 d8 94 e9
To verify the fingerprint use the command:
openssl x509 -inform der -in T-TeleSec_GlobalRoot_Class_2.cer -noout -sha1 -fingerprint

Download the certificate, and remember where you saved it. You need this certificate each time you connect to eduroam, so it's good practice to save it somewhere else than your downloads folder. Otherwise it may get deleted accidentally.


 

2. Delete existing eduroam profiles

To avoid any issues setting up eduroam, make sure no other eduroam profiles exist and delete them if needed.


3. Create a new connection

Select eduroam inside your network manager.

A window with connection settings will open.

Edit the fallowing entries:

Wi-Fi Security: WPA & WPA2 Enterprise

Authentication: Protected EAP (PEAP)

Anonymous identity: can be blank

CA certificate: Here, you need to select the certificate from step 1.
If the certificate is already installed, select /etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem.
Otherwise select the certificate you downloaded.

PEAP version: Automatic

Inner authentication: MSCHAPv2

Username: Username@uni-mainz.de

Password: Your Password

Click on Connect, you should then get connected to eduroam.