Some Eduroam Networks Now Use Root Certificates

And today another quick post on Eduroam, the federated Internet access authentication solution for students and researchers.

When I recently noticed that one of the certificates in the certificate chain I put together for an Austrian Eduroam user I support would expire early next year, I set out to do some preventive maintenance and put together a new chain. Quite to my surprise it seems to be no longer necessary!

According to their updated descriptions, their latest certificates are signed directly by the Digicert public root certificate and hence, no certificate chain is necessary anymore. What’s even better is that this public key is part of Linux’ standard SSL package so there is no need to get a key/certificate from anywhere and install it. The ‘Windows’ support pages of the Vienna Eduroam setup makes this quite clear but unfortunately the Linux version has not been updated. A bit of a shame.

But anyway, if you have a Linux device that you have configured yourself for Eduroam access with a certificate chain, check its validity when you have a minute. In case of the University of Vienna, this is the root certificate to use:

/etc/ssl/certs/DigiCert_Assured_ID_Root_CA.pem

I quickly had a look at which certificates other institutions use for their Eduroam setup and the two I looked at also get their setup signed by public root certificates. In the case of the University of Cologne, they even asked their users to update their configuration as soon as possible, as their previous certificate setup would stop working soon.