Source: Own Illustration
On September 9, 2025, the root certificate for the RADIUS server of eduroam and RWTH-institutes will be changed to the new DFN Community Root CA 2022 as part of a regular security measure. From this point on, only the new certificate will work – it will no longer be possible to use the old one. To ensure that you remain connected securely and without problems after September 9, you should update your WLAN configuration in good time.
Why Is the Certificate Being Replaced?
Certificates are a central component of modern network security. In the case of eduroam, the root certificate ensures that users only connect to the RADIUS server of their own university when establishing a connection.
This procedure prevents attacks by malicious third parties attempting to access WLAN login data. Certificate validation enables the end device to recognize whether the server is really trustworthy or not.
As root certificates are valid for a limited period and security standards evolve, regular replacement is necessary.
Who Is Affected?
In order for a device to successfully connect to eduroam or RWTH-institutes, the stored root certificate must be recognized as trustworthy.
Affected by the change are
- All devices with certificate verification (EAP-PEAP / EAP-TTLS).
- All devices that have installed the eduroam CAT app before June 12, 2025.
Not affected: Devices with the EAP-PWD method (for example with Android or Linux).
How Can You Continue to Use eduroam?
The safest and easiest solution:
- Reinstall eduroam CAT app after June 12, 2025.
This automatically integrates the new certificate and secures the connection. You can find step-by-step instructions on IT Center Help.
Technically experienced users can of course also install the certificate manually and admins can distribute it via the group policies. Admins have already been informed about this separately.
What Happens If You Don’t Take Action?
From September 9, 2025, devices that have not integrated the new root certificate will generally no longer be able to connect to eduroam or RWTH-institutes. In many cases, a certificate warning will appear – but this is not always visible, especially with Windows 11.
This means that
Anyone who had not previously activated validation could initially continue to establish a connection – but in an insecure manner. There is a risk of using the wrong eduroam provider and losing your access data. Only an up-to-date configuration with the new root certificate ensures that connections are protected and trustworthy.
What Does the eduroam Configuration Assistant Tool (CAT) Do?
The eduroam CAT ensures that:
- The new root certificate is installed,
- the certificate validation is active,
- only the correct RADIUS certificate is accepted.
In the extended WLAN properties, you can see that the CAT “only accepts certificates from this root certification authority”. This effectively protects against connection attempts to untrusted RADIUS servers.
Conclusion
Switching to the new root certificate is an essential step in maintaining network security. All users should therefore update their eduroam or RWTH-institutes connection in good time to avoid interruptions and risks.
Responsible for the content of this article are Thomas Böttcher, Sara Erdem and Janin Iglauer.
Leave a Reply