WiFi: Eduroam Certificate Warning

Tags eduroam

Overview

eduroam (education roaming) is the secure, worldwide roaming access service developed for the international research and education community. 

Information

When connecting to eduroam for the first time, it is normal to see the following message:

"The server radius.ns.utk.edu presented a valid certificate issued by [USERTrust RSA Certification Authority] or [AAA Certificate Services], but [USERTrust RSA Certification Authority] or [AAA Certificate Services] is not configured as a valid trust anchor for this profile"

Note: If the message says the certificate is invalid, DO NOT CONNECT!  Connecting to such a network could lead to a compromise of your username and password.  Contact the HelpDesk at 865-974-9900 and report the issue immediately. 

This warning is due to the wireless client not being configured to expect a TLS certificate with the name of 'radius.ns.utk.edu', which was issued by [USERTrust RSA Certification Authority] or [AAA Certificate Services].  When you connect to an HTTPS website, the user enters the URL (e.g.https://www.utk.edu).  The browser can validate that the entered URL matches the certificate and that the issuer of the certificate is trusted.  On a new wireless connection using the WPA2-Enterprise security protocol, the client doesn't know what the name of the certificate should be, so it must ask the user to verify that it is correct. 

For eduroam, our certificate uses the name 'radius.ns.utk.edu'.  The root CA for the certificate is [USERTrust RSA Certification Authority] or [AAA Certificate Services].

Details

Article ID: 113606
Created
Tue 8/11/20 6:33 PM
Modified
Thu 7/14/22 2:30 PM
Environment
Wireless Network

Related Articles (2)

Eduroam is the University's secure wireless network. It is a world-wide roaming access service developed for the international research and education community.