Table of Contents
Education Roaming (eduroam) is a worldwide Internet access service for educational and research institutions and their staff and students. It enables Internet access at the sites of all participating organisations using their own username and password.
In order to use eduroam an eduroam compatible, valid account with one of the participating institutions is required. The accounts of the GWDG (employees and students of the university) and of the Max-Planck-Institute are eduroam compatible. Eduroam is an encrypted radio link (WPA2).
Please always follow our instructions or programs when setting up the eduroam on your device and do not use the automatic functions of your device. To ensure a secure eduroam configuration, it is strongly recommended to set up eduroam using the configuration wizard (CAT tool)!
Many systems use only weak security checks or no security checks at all for automatic setting, which could allow an attacker to intercept your password at any time. He only needs to be within radio range of your device.
Important change in the use of eduroam
In the context of the expiration of the root certificate “Deutsche Telekom Root CA 2“ on July 10, 2019, which has been announced for some time, the certificate used to encrypt the login process in WLAN eduroam will expire on July 1, 2019. For all concerned users, there is an urgent need for action to be able to use the popular and wide-spread eduroam access even after this date.
The GWDG recommends an early installation of eduroam with the new required settings before 30 June 2019!
Why does the Wi-Fi configuration for eduroam have to be changed?
As you may have already learned, the current root certificate “Deutsche Telekom Root CA 2” (Generation 1), which is also used for the W-Fi eduroam at the GWDG and the University of Göttingen, expires on July 10, 2019 and loses its validity. It will be replaced by the new root certificate “T-TeleSec Global Root Class 2” (Generation 2). For devices on which Wi-Fi eduroam is installed and which use an intermediate certification chain of the still valid old generation 1 and not already of the new generation 2, the validity period will be shortened to June 30, 2019, deviating from the root certificate “Deutsche Telekom Root CA 2”.
Therefore, the GWDG's eduroam authentication servers will only accept the new root certificate “T-TeleSec Global Root Class 2” after June 30, 2019. For all devices with eduroam access that have not yet installed the new root certificate, this means that Wi-Fi eduroam must be set up again if eduroam is to continue to be used. After June 30, 2019, registration with the old root certificate will no longer be possible. The Wi-Fi configuration can, of course, still be reset at any time after this date. There will be no further disadvantages in the case of late subsequent new setup, with the exception of the missing possibility of using eduroam; in particular, no security problems will result from this.
Which users need to change their Wi-Fi configuration for eduroam?
Not all users have to change their Wi-Fi configuration for eduroam, because many devices already include the new certificate and the associated external identity firstname.lastname@example.org in the Wi-Fi configuration for eduroam.
If you used the CAT tool provided by DFN-Verein when setting up eduroam access with an account managed by GWDG, your device may already have the new root certificate and the external identity email@example.com installed in the eduroam profile. For users who have installed the eduroam profile on their devices at https://cat.eduroam.org via the organisations “University of Göttingen” and “GWDG”, the new root certificate and the external identity firstname.lastname@example.org were already added to the CAT tool in autumn 2017. For the Max Planck Institutes, whose eduroam profiles are maintained by the GWDG at https://cat.eduroam.org, this was done in autumn 2018.
Unfortunately, the manual check as to whether the new root certificate and the external identity email@example.com have already been installed in the eduroam profile of a device differs greatly depending on the operating system used and is in many cases only cumbersome or even impossible without more precise expertise. We therefore recommend in any case that you set up your eduroam account as soon as possible if you cannot determine a clearly positive result.
How should the W-Fi configuration for eduroam be changed?
In order to enforce a stricter, roaming-compliant eduroam configuration in the future and to avoid errors, the eduroam access should no longer be set up manually if possible, but only with the help of the user-friendly CAT tools of the GÉANT organisation at https://cat.eduroam.org, which also includes the DFN-Verein. This allows the desired eduroam profiles to be quickly and securely installed over the network for all operating systems supported by DFN-Verein. The eduroam-CAT (eduroam Configuration Assistant Tool) provides automatic eduroam configuration wizards for Windows, macOS, Linux, Chrome OS, iOS and Android.
This also ensures that the new root certificate and - equally important - the external identity firstname.lastname@example.org are implemented in the eduroam profile. After June 30, 2019, only users with an external identity email@example.com will be able to log on to the Wi-Fi eduroam.
Instructions for downloading the CAT tool and setting up eduroam for the various operating systems are available here. If you have any questions regarding the conversion of Wi-Fi eduroam, please do not hesitate to contact us at https://www.gwdg.de/support or send an e-mail to firstname.lastname@example.org .
Setting up the eduroam with the Configuration Wizard
The eduroam CAT (eduroam Configuration Assistant Tool) is a GÉANT Association powered web site that provides automatic Eduroam configuration wizards for Windows, macOS, Linux, Chrome OS, iOS, and Android. The assistants for Goettingen can be found here. More detailed instructions on how to use the wizards and how to manage problems can be found in the operating system specific articles linked in the Tutorials section.
When you are asked for your username enter your username in the following manner:
|<vorname.nachname>@||stud.uni-goettingen.de||Students of Göttingen University (Students e-mail address)|
|<username>@||gwdg.de||GWDG users and staff|
|<username>@||uni-goettingen.de||Staff of Göttingen University|
|<username>@||mpibpc.mpg.de||Staff of the Max Planck Institute for Biophysical Chemistry|
|<username>@||cec.mpg.de||Staff of the Max-Planck Institute for Chemical Energy Conversion|
|<username>@||mpi-halle.mpg.de||Staff of the Max Planck Institute of Microstructure Physics|
|<username>@||em.mpg.de||Staff of the Max Planck Institute of Experimental Medicine|
|<username>@||evolbio.mpg.de||Staff of the Max Planck Institute for Evolutionary Biology|
|<username>@||zv.uni-goettingen.de||Staff of the University Central Institutions|
|<username>@||zvw.uni-goettingen.de||Staff of the University Central Institutions|
|<nachname_vorname>@||med.uni-goettingen.de||Staff of the University Medical Center Göttingen|
|<username>@||mmg.mpg.de||Staff of the Max Planck Institute for the Study of Religious and Ethnic Diversity|
|<username>@||mpimf-heidelberg.mpg.de||Staff of the Max Planck Institute for Medical Research Heidelberg|
|<username>@||mpi-dortmund.mpg.de||Staff of the Max Planck Institute of Molecular Physiology|
|<mailadresse>@||psych.mpg.de||Staff of the Max Planck Institute of Psychiatry Munich|
|<username>@||dpz.eu||Staff of the German Primate Center|
|<eduxxx>@||mucam.mpg.de||Staff of the Max Planck Institute for Social Law and Social Policy|
|<vorname.nachname>@||ip.mpg.de||Staff of the Max Planck Institute for Innovation and Competition|
|<vorname.nachname>@||tax.mpg.de||Staff of the Max Planck Institute for Tax Law and Public Finance|
|<username>@||sf.mpg.de||Staff of the Max Planck Institute for Metabolism Research|
|<username>@||mps.mpg.de||Staff of the Max Planck Institute for Solar System Research Göttingen|