1. Check Certificate
To establish a secure connection with eduroam you need to use a certificate.
This certificate comes preinstalled on most Linux Distros. Please check if it is already installed on your System. You can find it in the folder /etc/ssl/certs/ . The name is T-TeleSec_GlobalRoot_Class_2.pem.
If this certificate is already installed, go to step 2.
You will find the required certificate here:
(Direct download: https://www.telesec.de/assets/downloads/PKI-Repository/T-TeleSec_GlobalRoot_Class_2.cer)
Name of the certificate: T-Telesec GlobalRoot Class 2.
Fingerprint: 59 0d 2d 7d 88 4f 40 2e 61 7e a5 62 32 17 65 cf 17 d8 94 e9
To verify the fingerprint use the command:
openssl x509 -inform der -in T-TeleSec_GlobalRoot_Class_2.cer -noout -sha1 -fingerprint
Download the certificate, and remember where you saved it. You need this certificate each time you connect to eduroam, so it's good practice to save it somewhere else than your downloads folder. Otherwise it may get deleted accidentally.
2. Delete existing eduroam profiles
To avoid any issues setting up eduroam, make sure no other eduroam profiles exist and delete them if needed.
3. Create a new connection
Select eduroam inside your network manager.
A window with connection settings will open.
Edit the fallowing entries:
Wi-Fi Security: WPA & WPA2 Enterprise
Authentication: Protected EAP (PEAP)
Anonymous identity: can be blank
CA certificate: Here, you need to select the certificate from step 1.
If the certificate is already installed, select /etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem.
Otherwise select the certificate you downloaded.
PEAP version: Automatic
Inner authentication: MSCHAPv2
Password: Your Password
Click on Connect, you should then get connected to eduroam.