eduroam EAP-MSCHAP-V2 under Android 4.4 to 9.x
Please use eduroam Devicemanager to generate eduroam credentials for every device in use. You will find a tutorial here. You'll need them to authenticate in step 3.
Please note that login names generated with the help of eduroam Devicemanager will end with @rwth.edufi.de for members of the RWTH Aachen University and with @fzj.edufi.de for the members of the FZ Jülich.
You can still access the institute WLAN using a login name that ends with @rwth-aachen.de.
Step 1: Installing the certificate
Make sure that the T-TeleSec GlobalRoot Class 2 certificate has been installed on your phone. You can check it by trying to choose the certificate for eduroam in the wifi-settings.
If this is not the case, please connect to the RWTH-guests-network, start the browser and download this certificate (Certificate Chain of the DFN-PKI).
Please make sure that the certificates are downloaded only with the native or the Google Chrome browser. For all other browsers (Firefox, Opera, Dolphin, etc.) proper installation of the certificates is not guaranteed.
In addition, the purpose of the wireless network must be specified explicitly in some Android versions, otherwise the certificate at the eduroam device can not be selected. The certificate name can be chosen freely (in this example ‘T-TeleSec GlobalRoot’).
Step 2: Choose WLAN
Select Settings and choose Wi-Fi in the wireless and networks section.
Select the network eduroam to make the required configuration.
Step 3: eduroam configuration
You must make the following configuration:
- EAP-Method: PEAP
- Phase2-Authentication: MSCHAPv2
- CA-Certificate: Deutsche Telekom Root CA 2
A connection without certificate is possible but not recommended, since your are giving up on the added security from the certification process.
- User-Certificate: empty
- Identity and password: generated eduroam credentials (you will find an instructionhere)
Sometimes a space will be added to your input if you are using the AutoFill feature, depending on your android keyboard.
- Anonyme Identität: firstname.lastname@example.org
Be sure to enter the anonymous identity as described above. Otherwise you will not be able to connect to the eduroam WLAN after 09.07.2019.
You should now be able to connect to eduroam.