Page Comparison

Background

The eduroam wireless network uses WPA2-Enterprise with Protected Extensible Authentication Protocol (PEAP) for client authentication. PEAP requires a server-side public key certificate to create a secure TLS tunnel between the client and the authentication server. Inside this encrypted tunnel, user credentials are safely exchanged and verified. This process ensures that sensitive login information is protected from eavesdropping.

...

The authentication server certificate is issued by the University's certificate authority (CA) provider, and must be renewed yearly.

Current certificate

Certificate Verification

To manually verify the certificate chain on MacOS or Linux, perform the following:

...

1. Use openssl to extract the serial number from the certificate file

   1. GlobalSignIntermediate.pem

      1. Code Block
         openssl x509 -noout -serial -in GlobalSignIntermediate.pem | sed 's/.*=//g;s/../&:/g;s/:$//'

   2. GlobalSignRootR3.pem

      1. Code Block
         openssl x509 -noout -serial -in GlobalSignRootR3.pem | sed 's/.*=//g;s/../&:/g;s/:$//'

2. With the serial numbers recorded, visit the CA’s website and compare the listed values with the output from the terminal commands.

   1. https://support.globalsign.com/ca-certificates/intermediate-certificates/organizationssl-intermediate-certificates

   2. https://support.globalsign.com/ca-certificates/root-certificates/globalsign-root-certificates

Putting it all together

When you connect to the eduroam Wi-Fi network for the first time, or for the fist time after the yearly certificate renewal, your device will prompt you to accept the security certificate. It is good practice to examine the certificate and be confident that it comes from a trusted source.

...

Finally, you can verify using the GlobalSign website that the certificates listed here match the official certificates online.

Related articles