Android

Connecting to KIT and eduroam

The following shows how to connect to KIT. To connect to eduroam simply replace all occurrences of KIT with eduroam.

On Android Version 6 (Mashmallow) and newer, system certificates can be used and the domain of the authentication server can be configured. Please note: some vendor specific flavours of Android do not offer this option. For example Samsung. If your device has the possibility to use the systemcertificate you can skip step 1 of the instruction.

Otherwise continue with the detailed instructions.

Detailed instructions

Important: To establish a secure connection to KIT the following certificate has to be installed on your mobile device:

root certificate ("Wurzelzertifikat") T-TeleSec GlobalRoot Class 2
The certificate can be found here:

qr code to https://pki.pca.dfn.de/kit-ca/cgi-bin/pub/pki?cmd=getStaticPage;name=index;id=2&RA_ID=0

Step 1: Install the certificate

Visit this website with your mobile device and press on "Wurzelzertifikat" [figure 1].  This won't work with all browsers (for example Firefox doesn't work). The Android stock browser will work.

Either the window in  [figure 2] will pop up instantly or the certificate file will be downloaded. In this case tap on the download symvol in the status bar to open the file.

Enter any name for the certificate, choose "Wi-Fi" as "Used for" and press "OK" [figure 2]. You may be asked to secure your device with a pattern or password [figure 3]. Do so.

Figure 1: Certificate website
Figure 1: Certificate website
Figure 2: Certificate name
Figure 2: Certificate name
Figure 3: Security
Figure 3: Security

Step 2: Connect to KIT

Go to "Settings" and then "Wi-Fi". Choose "KIT" (secured).

Configure the connection [figure 7]:

  • EAP method: TTLS
  • Phase 2 authentication: PAP
  • CA certificate: your choosen name for the root certificate ("Wurzelzertifikat") e.g. T-TeleSec GlobalRoot Class 2 - do not use autocomplete, because it will add a blank which won't work!
  • Domain: radius-wlan.scc.kit.edu
  • Identity: your KIT-account (e.g. ab1234 does-not-exist.kit edu or uxxxx@kit.edu)
  • Password: your password

and press "Connect".

Figure 7: Configuration
Figure 7: Configuration
Figure 8: Established connection
Figure 8: Established connection

A secure connection to KIT should now be established [figure 8].

Android starting from version 6.0 (not all vendor specific flavours)

Figure 1: Settings on Android 6 and newer
Figure 1: Setttings on Android 6 and newer
  • EAP method: TTLS
  • Phase 2 authentication: PAP
  • CA certificate: Use system certificates (or if this is not available, use the certificate installed at 1.)
  • Domain: radius-wlan.scc.kit.edu
  • Identity: your KIT-account (e.g. ab1234 does-not-exist.kit edu or uxxxx@kit.edu) - do not use autocomplete, because it will add a blank which won't work!
  • Anonymous Identity: anonymous does-not-exist.kit edu
  • Password: your password