Android
Connecting to KIT and eduroam
The following shows how to connect to KIT. To connect to eduroam simply replace all occurrences of KIT with eduroam.
On Android Version 6 (Mashmallow) and newer, system certificates can be used and the domain of the authentication server can be configured. Please note: some vendor specific flavours of Android do not offer this option. For example Samsung. If your device has the possibility to use the systemcertificate you can skip step 1 of the instruction.
Otherwise continue with the detailed instructions.
Detailed instructions
Important: To establish a secure connection to KIT the following certificate has to be installed on your mobile device:
root certificate ("Wurzelzertifikat") T-TeleSec GlobalRoot Class 2
The certificate can be found here:
Step 1: Install the certificate
Visit this website with your mobile device and press on "Wurzelzertifikat" [figure 1]. This won't work with all browsers (for example Firefox doesn't work). The Android stock browser will work.
Either the window in [figure 2] will pop up instantly or the certificate file will be downloaded. In this case tap on the download symvol in the status bar to open the file.
Enter any name for the certificate, choose "Wi-Fi" as "Used for" and press "OK" [figure 2]. You may be asked to secure your device with a pattern or password [figure 3]. Do so.
Step 2: Connect to KIT
Go to "Settings" and then "Wi-Fi". Choose "KIT" (secured).
Configure the connection [figure 7]:
- EAP method: TTLS
- Phase 2 authentication: PAP
- CA certificate: your choosen name for the root certificate ("Wurzelzertifikat") e.g. T-TeleSec GlobalRoot Class 2 - do not use autocomplete, because it will add a blank which won't work!
- Domain: radius-wlan.scc.kit.edu
- Identity: your KIT-account (e.g. ab1234 ∂does-not-exist.kit edu or uxxxx@kit.edu)
- Password: your password
and press "Connect".
A secure connection to KIT should now be established [figure 8].
Android starting from version 6.0 (not all vendor specific flavours)
- EAP method: TTLS
- Phase 2 authentication: PAP
- CA certificate: Use system certificates (or if this is not available, use the certificate installed at 1.)
- Domain: radius-wlan.scc.kit.edu
- Identity: your KIT-account (e.g. ab1234 ∂does-not-exist.kit edu or uxxxx@kit.edu) - do not use autocomplete, because it will add a blank which won't work!
- Anonymous Identity: anonymous ∂does-not-exist.kit edu
- Password: your password