{"id":15659,"date":"2023-05-17T13:15:12","date_gmt":"2023-05-17T11:15:12","guid":{"rendered":"https:\/\/blog.rwth-aachen.de\/itc\/?p=15659"},"modified":"2023-05-26T14:11:34","modified_gmt":"2023-05-26T12:11:34","slug":"wlan-news-teil-1-zertifikat-radius","status":"publish","type":"post","link":"https:\/\/blog.rwth-aachen.de\/itc\/en\/2023\/05\/17\/wlan-news-teil-1-zertifikat-radius\/","title":{"rendered":"WiFi News &#8211; Part 1: New Certificate for the RADIUS Server"},"content":{"rendered":"<div class=\"twoclick_social_bookmarks_post_15659 social_share_privacy clearfix 1.6.4 locale-en_US sprite-en_US\"><\/div><div class=\"twoclick-js\"><script type=\"text\/javascript\">\/* <![CDATA[ *\/\njQuery(document).ready(function($){if($('.twoclick_social_bookmarks_post_15659')){$('.twoclick_social_bookmarks_post_15659').socialSharePrivacy({\"txt_help\":\"Wenn Sie diese Felder durch einen Klick aktivieren, werden Informationen an Facebook, Twitter, Flattr, Xing, t3n, LinkedIn, Pinterest oder Google eventuell ins Ausland \\u00fcbertragen und unter Umst\\u00e4nden auch dort gespeichert. N\\u00e4heres erfahren Sie durch einen Klick auf das <em>i<\\\/em>.\",\"settings_perma\":\"Dauerhaft aktivieren und Daten\\u00fcber-tragung zustimmen:\",\"info_link\":\"http:\\\/\\\/www.heise.de\\\/ct\\\/artikel\\\/2-Klicks-fuer-mehr-Datenschutz-1333879.html\",\"uri\":\"https:\\\/\\\/blog.rwth-aachen.de\\\/itc\\\/en\\\/2023\\\/05\\\/17\\\/wlan-news-teil-1-zertifikat-radius\\\/\",\"post_id\":15659,\"post_title_referrer_track\":\"WiFi+News+%26%238211%3B+Part+1%3A+New+Certificate+for+the+RADIUS+Server\",\"display_infobox\":\"on\"});}});\n\/* ]]> *\/<\/script><\/div><p><div id=\"attachment_15664\" style=\"width: 310px\" class=\"wp-caption alignright\"><a href=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2023\/05\/draufsicht-des-wi-fi-routers-mit-smartphone-1-scaled.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-15664\" class=\"size-medium wp-image-15664\" src=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2023\/05\/draufsicht-des-wi-fi-routers-mit-smartphone-1-300x200.jpg\" alt=\"Front view of smartphone and WiFi router\" width=\"300\" height=\"200\" srcset=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2023\/05\/draufsicht-des-wi-fi-routers-mit-smartphone-1-300x200.jpg 300w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2023\/05\/draufsicht-des-wi-fi-routers-mit-smartphone-1-1024x683.jpg 1024w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2023\/05\/draufsicht-des-wi-fi-routers-mit-smartphone-1-768x512.jpg 768w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2023\/05\/draufsicht-des-wi-fi-routers-mit-smartphone-1-1536x1024.jpg 1536w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2023\/05\/draufsicht-des-wi-fi-routers-mit-smartphone-1-2048x1365.jpg 2048w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><p id=\"caption-attachment-15664\" class=\"wp-caption-text\">Source: <a href=\"https:\/\/de.freepik.com\/fotos-kostenlos\/draufsicht-des-wi-fi-routers-mit-smartphone_11382232.htm\" target=\"_blank\" rel=\"noopener\">Freepik<\/a><\/p><\/div><\/p>\n<p>For the expiration of the server certificate of our authentication server radius.rz.rwth-aachen.de the certificate on the system will be exchanged on <strong>May 23, 2023<\/strong>. This has already been announced in the <a href=\"https:\/\/maintenance.itc.rwth-aachen.de\/ticket\/status\/messages\/1\/show_ticket\/8216\" target=\"_blank\" rel=\"noopener\">status message portal<\/a>.<\/p>\n<p>You will be affected by these changes the next time you log in to eduroam. What you have to do to continue using the WiFi, we explain in the following blog post.<\/p>\n<p><!--more--><\/p>\n<h3><span style=\"color: #00549f;\">New RADIUS Certificate<\/span><\/h3>\n<p>The server certificate of the RADIUS server is usually renewed every 13 months. On May 27, 2023, the current server certificate will expire. For this reason, a migration from the old server certificate for the RADIUS server to the new certificate will take place on <strong>May 23, 2023<\/strong>. The migration will normally be almost imperceptible for you.<\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #00549f;\">What Does This Mean for Eduroam?<\/span><\/h3>\n<p>After the exchange of the server certificate on radius.rz.rwth-aachen.de, the operating system will indicate the change with a message. This will happen the next time you log in to eduroam after the target date. When connecting to the WiFi, users will be prompted to decide whether a WiFi connection should be established or not.<\/p>\n<p>The message is displayed in full by clicking on &#8220;Show certificate details&#8221;. The certification authority and the fingerprint, which represents the uniqueness of a server, are shown to you. It is important to make sure that the displayed fingerprint matches the fingerprint of the new certificate.<\/p>\n<div id=\"attachment_15677\" style=\"width: 273px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2023\/05\/DFN_eduroam_mit-Markierung-1.png\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-15677\" class=\"size-medium wp-image-15677\" src=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2023\/05\/DFN_eduroam_mit-Markierung-1-263x300.png\" alt=\"Message with fingerprint when logging into eduroam\" width=\"263\" height=\"300\" srcset=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2023\/05\/DFN_eduroam_mit-Markierung-1-263x300.png 263w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2023\/05\/DFN_eduroam_mit-Markierung-1.png 562w\" sizes=\"auto, (max-width: 263px) 100vw, 263px\" \/><\/a><p id=\"caption-attachment-15677\" class=\"wp-caption-text\">Source: Own illustration<\/p><\/div>\n<h3><span style=\"color: #00549f;\">Fingerprints<\/span><\/h3>\n<p>For your orientation we have summarized the <a href=\"https:\/\/help.itc.rwth-aachen.de\/en\/service\/b3d9a2c8ae5345b8b8f5128143ef4e3c\/article\/96f2bac81f1d479faac5b6e0d9e0d655\/\" target=\"_blank\" rel=\"noopener\">fingerprints<\/a> of the RADIUS server on IT Center Help. In this overview, first look for the authority that issued the certificate, such as <em>DFN-Verein Global Issuing CA<\/em>. Depending on which operating system is used, the SHA1 fingerprint, the SHA256 fingerprint or the serial number is requested. You then compare these fingerprints in IT Center Help with the ones displayed to you when you connect to eduroam.<\/p>\n<p>The reason for matching the fingerprints is that hackers cannot simply grab network access data from users who click &#8220;Connect&#8221; without verification. Just as human fingerprints are unique, so are those of servers.<\/p>\n<p>If the fingerprint does not match, you have the following two options:<\/p>\n<ol>\n<li>note the time, location, and fingerprint. Then report it to the <a href=\"mailto:servicedesk@itc.rwth-aachen.de\" target=\"_blank\" rel=\"noopener\">IT-ServiceDesk<\/a> via e-mail.<\/li>\n<li>go to another location and try again to log in to eduroam.<\/li>\n<\/ol>\n<p>Further help and configuration instructions for the corresponding operating systems can also be found on <a href=\"https:\/\/help.itc.rwth-aachen.de\/en\/service\/b3d9a2c8ae5345b8b8f5128143ef4e3c\/article\/cbaa4207a17643ebb3347d62ce021336\/\" target=\"_blank\" rel=\"noopener\">IT Center Help<\/a>.<\/p>\n<p>&nbsp;<\/p>\n<p>In the second part of the WiFi News blog series, we will give you a general overview of the relationship between certificates and eduroam.<\/p>\n<p>&nbsp;<\/p>\n<p>Responsible for the content of this article is <a href=\"https:\/\/www.itc.rwth-aachen.de\/cms\/it-center\/IT-Center\/Profil\/Team\/~epvp\/Mitarbeiter-CAMPUS-\/?gguid=0xEFE758683719544CA2E760636B6AF6CF&amp;allou=1&amp;lidx=1\" target=\"_blank\" rel=\"noopener\">Jelena \u0106ulum<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Sorry, this entry is only available in Deutsch.<\/p>\n","protected":false},"author":4530,"featured_media":15663,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"c2c_always_allow_admin_comments":false,"footnotes":""},"categories":[306,314],"tags":[448,908,728,626],"class_list":["post-15659","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ankuendigungen","category-it-sicherheit","tag-eduroam","tag-radius","tag-wlan","tag-zertifikate"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/15659","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/users\/4530"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/comments?post=15659"}],"version-history":[{"count":10,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/15659\/revisions"}],"predecessor-version":[{"id":15822,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/15659\/revisions\/15822"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/media\/15663"}],"wp:attachment":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/media?parent=15659"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/categories?post=15659"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/tags?post=15659"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}