WiFi: Eduroam Certificate Warning

Tags eduroam


eduroam (education roaming) is the secure, world-wide roaming access service developed for the international research and education community. 


When connecting to eduroam for the first time, it is normal to see the following message:

"The server radius.ns.utk.edu presented a valid certificate issued by AddTrust External CA Root, but AddTrust External CA Root is not configured as a valid trust anchor for this profile"

Note: If the message says that the certificate is not valid, DO NOT CONNECT!  Connecting to such a network could lead a compromise of your username and password.  Contact the HelpDesk at 865-974-9900 and report the issue immediately. 

This warning is due to the wireless client not being configured to expect a TLS certificate with a name of 'radius.ns.utk.edu' which was issued by AddTrust External CA Root.  When you connect to an https website, the users enters the URL (e.g.https://www.utk.edu).  The browser can validate that the entered URL matches the certificate and that the issuer of the certificate is trusted.  On a new wireless connection using the WPA2-Enterprise security protocol, the client doesn't know what the name of the certificate should be, so it must ask user to verify that it is correct. 

For eduroam, our certificate uses the name 'radius.ns.utk.edu'.  The root CA for the certificate is Addtrust External Root CA.


Article ID: 113606
Tue 8/11/20 6:33 PM
Tue 3/8/22 9:17 AM
Wireless Network