Installing the Certificate
- If you have not already installed an eduroam security certificate, click on this link to download the certificate: www.its.qmul.ac.uk/network-services/NetworkSupportRootCA-cacert
- In the Downloads window, open the file.
The Add Certificates dialogue box will open and ask you if you want to add the certificate to a keychain.
- Select either login or system from the Keychain drop-down and click OK.
- You will then see a dialogue asking if you want to trust certificates signed by "NetworkSupportRootCA" from now on. If you want to set them to Trusted status, click on 'Always Trust'. (If you don't do this, you'll see a warning message every time you connect to eduroam at QMUL).
You will be prompted to enter your local password to authorise the change. Enter your account password for the machine you're using. You may need to do this more than once; if nothing seems to happen after the first time you enter your details, check that there is not a second prompt open on your desktop.
Accessing the eduroam network
- Go to Applications -> Internet Connect, or select Open Internet Connect... from the AirPort icon.
- To enable the 802.1x client, select New 802.1X Connection... from Internet Connect's File menu.
A new connection will now be displayed on the Internet Connect window, and you will be able to edit its 802.1x settings.
- From the Configuration pop-up menu, select Edit Configurations...
- Enter a memorable name for the connection.
- If your machine is connected to a wired network port, select Ethernet, for wireless access select Airport. Enter 'eduroam' as the network.
- Ensure that authentication is set to TTLS and PEAP.
- Click OK and Connect.
Verifying the Certificate
If a dialogue appears on connection warning you that: "The server certificate is signed by an unknown root certificate authority", you should check the certificate and satisfy yourself that this is the correct network.
- Click on 'Show Certificate'. The Verify Certificate window will expand to display more details. The correct certificate is radius2.qmul.ac.uk, with an expiry date of 13/5/2018. Above the certificate pane you will see a 'chain of trust' going back to "NetworkSupportRootCA".
- If you see a different chain, you are connecting to an unknown server and you should not continue.
- If you see the chain but red circles with crosses appear against each entry, the root certificate has not been installed correctly.
- You can prevent the warning message "This certificate was signed by an untrusted issuer" by checking 'Always trust these certificates', as explained above.
- Click on Continue.
Login using either
- a QMUL account - for students this is a College Teaching Service account and for staff it is a College IMAP (email) account; enter your username in the format 'firstname.lastname@example.org'.
- a departmental account, such as those issued by the School of Mathematics or the Department of Electronic Engineering and Computer Science (e.g. 'email@example.com') you should first follow any instructions given by the department concerned as department-specific configuration will be required. See, for example, EECS instructions.