Eduroam – Connect anything…
There are a vast array of devices that should be able to connect to eduroam. Documenting how to connect each of these individually, and keeping that documentation up to date, would be impossible. Therefore the generic guidance below is designed so you can work out the settings for your device by exploring the available options you have, and checking which will work (do check for specific instructions for your computer if you haven’t already).
Your device will need to be able to do Enterprise WPA2, if you’re not sure, check below anyway, but if none of your options match what is below, it is unlikely your device is capable of connecting. There is a list of additional requirements / anomalies for certain devices at the bottom of the page.
There are two main steps to complete:
Import the University’s Net CA Certificate
- You will need to Import the University’s Net CA Certificate to your device. This can usually be achieved by using the device’s web browser. Unfortunately, different devices require different certificate file formats, so you will have to try each one until it works…
- Navigate to: https://www.wireless.bris.ac.uk/certs/
- Click on each of the “UoB Net CA cert…” links. If your browser displays garbled text, then go back to https://www.wireless.bris.ac.uk/certs/
- When you get the right link [certificate format] for your device, you should be able to open and import the certificate.
- Your device will tell you when you have imported the certificate correctly.
- If you can not import the certificate via the web browser, you may have to use a Certificate Manager program. This would usually be found in the Settings or Control Panel menus.
- For some devices you may have to run the Certificate Manager program on a PC while your device is docked / connected to the PC
- If you are unsure, search the Internet for: Import CA certificate <name of your device>
Configure wireless settings
The settings presented below are in the approximate order you will be asked for them. For each setting, any alternative names for the setting are given. Then the values for the setting that will work are listed. Sometimes you will have more than one option available on your device. The most preferable is listed first in the table. The last column lists options for this setting that will definitely not work. Each particular device may not ask you for all of the listed settings – just use those you are asked for.
| Setting name | Should work | Will not work |
| Network name, SSID |
eduroam | eDuRoAm (it must be all lowercase to work) |
| Network mode | Infrastructure | ad-hoc Computer-to-Computer |
| Wireless security, Network authentication |
WPA2 Enterprise, WPA Enterprise, WPA2, WPA, |
WEP, WPA2-PSK, WPA-PSK, Shared, Open |
| Data encryption | AES, CCMP |
56-bit 64-bit 104-bit 128-bit WEP |
| WPA2 only mode | Off, Disabled |
|
| Pre-shared key, shared password, network key |
If you get asked for this, then either your previous Wireless security setting choice is incorrect (see above), or your device is not capable of connecting (not capable of Enterprise WPA2). | |
| EAP settings / type / outer method | PEAP Protected-EAP PEAPv0 Tunnelled-TLS TTLS (although it may be possible to enable more than one EAP type at a time, it is better to only enable one, disable any others) |
TLS, Smart card LEAP GTC AKA MD5 PEAPv1 |
| User certificate | Must be left blank | |
| CA Certificate, Certificate Authority, Trusted Root CA |
University of Bristol Net CA | Anything else |
| Validate server certificate, Validate server name |
Yes, Enabled |
Although the connection might work with this disabled, it will be very insecure, you MUST ensure server certificate validation is enabled. |
| Server name, Trusted servers |
eduroam.wireless.bris.ac.uk | |
| Inner EAP method, Inner link security, Authentication method, Phase 2 authentication, PEAP sub type |
MS-CHAPv2, EAP-MSCHAPv2 EAP MSV2-Challenge, PEAPv0/MSCHAPv2, MSCHAP2 |
PAP, Certificate, MS-CHAP |
| Cipher, TTLS Cipher |
AES, SHA, 3DES (Leave the default settings if you are not sure) |
RC4 MD5 |
| Domain | Must be blank | |
| Realm | bristol.ac.uk | |
| Outer Identity, Outer Username, Anonymous identity, Initial identity |
nobody@bristol.ac.uk (This must be all lowercase and end with @bristol.ac.uk) |
|
| Username, Inner identity, MSCHAPv2 identity |
Your Bristol Username (lowercase) (N.B. If there is only one box for username and you have not entered a ‘realm’ or ‘outer identity’ as above, you must append @bristol.ac.uk to your username, e.g. ab12345@bristol.ac.uk |
|
| Password | Your normal Bristol password (case sensitive) | |
| Anything else | Generally can be left at the default value, or left blank. | |
Additional requirements
Certain devices may need some additional software or configuration. These details are noted below:
• Nokia N900 / Maemo devices
You need to configure the wireless manually (don’t “scan for networks”). After configuring as above, you need to click the Advanced-settings button, change to the EAP page, select Use manual user name and enter @bris.ac.uk in the box.
• Palm T|X
If Enterprise is not listed in the wireless security options choice, you will need to install the Palm Enterprise Security Update before attempting to connect to eduroam.
