{"id":16057,"date":"2023-06-16T12:30:05","date_gmt":"2023-06-16T10:30:05","guid":{"rendered":"https:\/\/blog.rwth-aachen.de\/itc\/?p=16057"},"modified":"2023-09-01T15:27:53","modified_gmt":"2023-09-01T13:27:53","slug":"wlan-news-teil-2-eduroam-zertifikate","status":"publish","type":"post","link":"https:\/\/blog.rwth-aachen.de\/itc\/en\/2023\/06\/16\/wlan-news-teil-2-eduroam-zertifikate\/","title":{"rendered":"WLAN News \u2013 Part 2: eduroam and certificates"},"content":{"rendered":"<p><div id=\"attachment_16064\" style=\"width: 310px\" class=\"wp-caption alignright\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-16064\" class=\"size-medium wp-image-16064\" src=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2023\/06\/draufsicht-des-wi-fi-symbols-1-300x300.jpg\" alt=\"Top view of the Wifi icon\" width=\"300\" height=\"300\" srcset=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2023\/06\/draufsicht-des-wi-fi-symbols-1-300x300.jpg 300w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2023\/06\/draufsicht-des-wi-fi-symbols-1-1024x1024.jpg 1024w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2023\/06\/draufsicht-des-wi-fi-symbols-1-150x150.jpg 150w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2023\/06\/draufsicht-des-wi-fi-symbols-1-768x768.jpg 768w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2023\/06\/draufsicht-des-wi-fi-symbols-1-1536x1536.jpg 1536w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2023\/06\/draufsicht-des-wi-fi-symbols-1-2048x2048.jpg 2048w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2023\/06\/draufsicht-des-wi-fi-symbols-1-50x50.jpg 50w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><p id=\"caption-attachment-16064\" class=\"wp-caption-text\">Source: <a href=\"https:\/\/de.freepik.com\/fotos-kostenlos\/draufsicht-des-wi-fi-symbols_11382251.htm#&amp;position=32&amp;from_view=collections\">Freepik<\/a><\/p><\/div><\/p>\n<p>The Wi-Fi network eduroam is available on 
the entire campus of RWTH Aachen University. If you have already configured eduroam on your mobile devices and chosen an automatic connection, your devices will connect to eduroam in the background. This happens as soon as your devices detect a network with the name eduroam in the vicinity.<\/p>\n<p>Behind a secure connection to eduroam lie certificate structures that guarantee this security. But how exactly do these processes work? In the following blog post, we hope to provide answers to these and other questions.<\/p>\n<p><!--more--><\/p>\n<h3><span style=\"color: #00549f;\">Where does my login information go?<\/span><\/h3>\n<p>Your eduroam credentials, which you have generated via the <a href=\"https:\/\/app.rwth-aachen.de\/eduroam\/\">eduroam device manager<\/a>, are transmitted via the WLAN infrastructure to the authentication server of RWTH Aachen University, radius.rz.rwth-aachen.de (RADIUS). This happens every time you log on to the eduroam network. The connection from your device to the RADIUS server is encrypted so that your data is secure during transmission.<\/p>\n<p>But how do you know if your credentials are being sent through a legitimate eduroam access point and to the correct (real) authentication server?<\/p>\n<p>To do this, your device must check the certificate of the RADIUS server. To confirm the identity of this server, you have to validate and trust the SSL certificate (also called TLS certificate) of the RADIUS server once. You do this by comparing the fingerprint of the presented certificate with the <a href=\"https:\/\/help.itc.rwth-aachen.de\/service\/b3d9a2c8ae5345b8b8f5128143ef4e3c\/article\/96f2bac81f1d479faac5b6e0d9e0d655\/\">fingerprint we have published in the RWTH intranet<\/a> when you connect for the first time or after a certificate change. 
You can read more about this in the first blog post <a href=\"https:\/\/blog.rwth-aachen.de\/itc\/2023\/05\/17\/wlan-news-teil-1-zertifikat-radius\/\">&#8220;WLAN News &#8211; Part 1: New certificate for the RADIUS server&#8221;<\/a>.<\/p>\n<h3><span style=\"color: #00549f;\">Changing the RADIUS certificate to the G\u00c9ANT\/TCS certification authority<\/span><\/h3>\n<p>The RADIUS certificate was previously issued by the DFN-PKI and last replaced on May 23, 2023. A new certificate will be installed on August 1, 2023. This newer RADIUS certificate was issued by the G\u00c9ANT\/TCS (PKI), as the service provider for certificates was changed at the end of 2022. The SSL certificates of the G\u00c9ANT\/TCS belong to a new certificate chain which leads to a new root certificate, that of the certification authority Comodo CA Limited.<\/p>\n<p>The new certificate chain has the following structure:<\/p>\n<h4>Future RADIUS certificate (from August 1, 2023):<\/h4>\n<p>Subject: C = DE, ST = Nordrhein-Westfalen, O = RWTH Aachen University, CN = <strong>radius.rz.rwth-aachen.de<\/strong><\/p>\n<p>Issuer: C = NL, O = <strong>GEANT Vereniging<\/strong>, CN = GEANT OV RSA CA 4<\/p>\n<h4>G\u00c9ANT certificate (intermediate):<\/h4>\n<p>Subject: C = NL, O = <strong>GEANT Vereniging<\/strong>, CN = GEANT OV RSA CA 4<\/p>\n<p>Issuer: C = US, ST = New Jersey, L = Jersey City, O = <strong>The USERTRUST Network<\/strong>, CN = USERTrust RSA Certification Authority<\/p>\n<h4>Usertrust certificate (intermediate):<\/h4>\n<p>Subject: C = US, ST = New Jersey, L = Jersey City, O = <strong>The USERTRUST Network<\/strong>, CN = USERTrust RSA Certification Authority<\/p>\n<p>Issuer: C = GB, ST = Greater Manchester, L = Salford, O = <strong>Comodo CA Limited<\/strong>, CN = AAA Certificate Services<\/p>\n<h4>Comodo certificate (root):<\/h4>\n<p>Subject: C=GB,ST=Greater Manchester,L=Salford,O=<strong>Comodo CA Limited<\/strong>,CN=AAA Certificate Services<\/p>\n<p>Issuer: C=GB,ST=Greater 
Manchester,L=Salford,O=<strong>Comodo CA Limited<\/strong>,CN=AAA Certificate Services<\/p>\n<h3><span style=\"color: #00549f;\">The eduroam CAT (Configuration Assistant Tool)<\/span><\/h3>\n<p>If you use the eduroam CAT to configure eduroam on your device, the name of the RADIUS server and the certificate chain are installed on your device. With the help of the server name, your device checks whether the correct RADIUS server is being addressed. The operating system then uses the root certificate to check whether this RADIUS server presents a certificate issued by a trusted certification authority. You can always find an overview of RADIUS certificates and certificate chains for the configuration of eduroam on <a href=\"https:\/\/help.itc.rwth-aachen.de\/en\/service\/b3d9a2c8ae5345b8b8f5128143ef4e3c\/article\/96f2bac81f1d479faac5b6e0d9e0d655\/\">IT Center Help<\/a>.<\/p>\n<p>In <a href=\"https:\/\/blog.rwth-aachen.de\/itc\/2023\/05\/17\/wlan-news-teil-1-zertifikat-radius\/\">the first part of the blog series on WLAN News<\/a>, we reported on the change of the RADIUS server certificate in May 2023. 
In the third part, we will take a closer look at the root certificate.<\/p>\n<p>&nbsp;<\/p>\n<hr \/>\n<p>Responsible for the content of this article is <a href=\"https:\/\/www.itc.rwth-aachen.de\/cms\/it-center\/IT-Center\/Profil\/Team\/~epvp\/Mitarbeiter-CAMPUS-\/?gguid=0xEFE758683719544CA2E760636B6AF6CF&amp;allou=1&amp;lidx=1\">Jelena \u0106ulum<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Sorry, this entry is only available in Deutsch.<\/p>\n","protected":false},"author":2051,"featured_media":16063,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"c2c_always_allow_admin_comments":false,"footnotes":""},"categories":[306,314,315],"tags":[930,448,449,728,124,626],"class_list":["post-16057","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ankuendigungen","category-it-sicherheit","category-services-support","tag-certificate","tag-eduroam","tag-wifi","tag-wlan","tag-zertifikat","tag-zertifikate"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/16057","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/users\/2051"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/comments?post=16057"}],"version-history":[{"count":8,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/16057\/revisions"}],"predecessor-version":[{"id":16758,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/16057\/revisions\/16758"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/media\/16063"}],"wp:attachment":[{"href":"https:\/\/blog.rwth-a
achen.de\/itc\/en\/wp-json\/wp\/v2\/media?parent=16057"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/categories?post=16057"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/tags?post=16057"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}