Android

Connecting to KIT and eduroam

The following shows how to connect to KIT. To connect to eduroam simply replace all occurrences of KIT with eduroam.

On Android Version 6 (Mashmallow) and newer, system certificates can be used and the domain of the authentication server can be configured. Please note: some vendor specific flavours of Android do not offer this option. For example Samsung. If your device has the possibility to use the systemcertificate you can skip step 1 of the instruction.

Otherwise continue with the detailed instructions.

Detailed instructions

Important: To establish a secure connection to KIT the following certificate has to be installed on your mobile device:

root certificate ("Wurzelzertifikat") T-TeleSec GlobalRoot Class 2
The certificate can be found here:

qr code to https://pki.pca.dfn.de/kit-ca/cgi-bin/pub/pki?cmd=getStaticPage;name=index;id=2&RA_ID=0

Step 1: Install the certificate

Visit this website with your mobile device and press on "Wurzelzertifikat" [figure 1]. This won't work with all browsers (for example Firefox doesn't work). The Android stock browser will work.

Either the window in [figure 2] will pop up instantly or the certificate file will be downloaded. In this case tap on the download symvol in the status bar to open the file.

Enter any name for the certificate, choose "Wi-Fi" as "Used for" and press "OK" [figure 2]. You may be asked to secure your device with a pattern or password [figure 3]. Do so.

Step 2: Connect to KIT

Go to "Settings" and then "Wi-Fi". Choose "KIT" (secured).

Configure the connection [figure 7]:

EAP method: TTLS
Phase 2 authentication: PAP
CA certificate: your choosen name for the root certificate ("Wurzelzertifikat") e.g. T-TeleSec GlobalRoot Class 2 - do not use autocomplete, because it will add a blank which won't work!
Domain: radius-wlan.scc.kit.edu
Identity: your KIT-account (e.g. ab1234 ∂does-not-exist.kit edu or uxxxx ∂does-not-exist.kit edu)
Password: your password

and press "Connect".

A secure connection to KIT should now be established [figure 8].

Android starting from version 6.0 (not all vendor specific flavours)

Figure 1: Settings on Android 6 and newer — Figure 1: Setttings on Android 6 and newer

EAP method: TTLS
Phase 2 authentication: PAP
CA certificate: Use system certificates (or if this is not available, use the certificate installed at 1.)
Domain: radius-wlan.scc.kit.edu
Identity: your KIT-account (e.g. ab1234 ∂does-not-exist.kit edu or uxxxx ∂does-not-exist.kit edu) - do not use autocomplete, because it will add a blank which won't work!
Anonymous Identity: anonymous ∂does-not-exist.kit edu
Password: your password