Generic settings for eduroam secure wireless access

The generic settings specified below will allow you to configure a suitable wireless device to connect to the eduroam secure wireless network.

Not all the configuration settings will be avilable on all devices. If you cannot configure any of these settings it is unlikely your wireless device is capable of connecting to the eduroam wireless network.

eduroam configuration settings

Network name (SSID)

The network name for the secure wireless network is eduroam. This must be all lowercase.

Wireless authentication and encryption

The wireless Network Authentication type is WPA2 Enterprise.

The Data Encryption method to use is AES.

If your wireless device does not support WPA2/AES, select WPA authentication and TKIP encryption.

User authentication

The "EAP Authentication Type" or "Outer Authentication Protocol" is PEAP or PEAPv0.

The "Authentication Method", "Authentication Protocol" or "Inner Authentication Protocol" is MS-CHAPv2.

Your username is your UUN plus "@ed.ac.uk", e.g. "s10987654@ed.ac.uk".

Your password is the password you specified when registering for the Wireless service.

If asked for an "Outer Identity", "Anonymous Identity" or "Roaming Identity", leave it blank.

If asked for a realm, leave it blank.

Server authentication

You should choose to Validate the Server Certificate.

The certificate should be from one of Radius Servers radius01.is.ed.ac.uk, ispy-at.ucs.ed.ac.uk or archer.ucs.ed.ac.uk.

The Root Certificate Authority or "Root CA" is UTN-USERFirst-Hardware. The UTN-USERFirst-Hardware certificate is signed by AddTrust External CA Root.

Although you may be able to connect to the eduroam wireless network without validating the server certificate, your connection will not be secure. You must ensure server certificate validation is enabled.

Optional settings

The following settings will not be available on every device, but if present should be configured as follows:

  • "Posture Validation" or "Quarantine checks": disable
  • "Authenticate as computer": disable
  • "Require Cryptobinding TLV": disable

Installing the wireless root certificates

If you are having problems with certificates or cannot get your device working you may need to download and install the certificates below to your device.

You should only need to import the AddTrust External CA Root certificate into your device. If that doesn't work try importing all three certificates. Each certificate is available in two formats: Base64 or DER.

Most devices will work with either format, however for Nokia/Symbian series phones you should use the DER format certificate.


Accessibility menu