Eduroam Certificate Changes at the University of Vienna

When I was recently in Vienna, I was asked to have a look at an Ubuntu notebook that wouldn’t connect to University of Vienna’s Eduroam network for some time now. It turns out that they have changed their root certificate provider from Digicert to USERtrust.

Unfortunately, their communication was rather vague about the change and their official description how to configure Ubuntu for Eduroam access skips certificate configuration entirely. It does work very well without configuring a root CA certificate but that leaves the door wide open for blackhats to go on a fishing expedition with rouge Eduroam access points. So anyway, the screenshot above shows the root CA certificate that is now used as of 2021. It can be found in the /etc/ssl/certs folder of your Ubuntu installation. And for further configuration details, including the manual configuration of checking the domain suffix as part of the connection process have a look at my earlier entries here.