2024-08-28: Eduroam, UCSB Secure - SSL Certificate update - September 3rd, 8:00-8:30am (posting on behalf of John Niessen Associate Director, Network & Security Services)

As many of you know, SSL certificates are only valid for one year. This includes the SSL certificates used to encrypt logins to the eduroam and UCSB Secure wireless networks. New certificates will be deployed on Tuesday, September 3rd, between 8:00-8:30am.

Updating the SSL certificates will result in many client devices failing to automatically join the wireless network. This is due to the fact that most people simply accept the existing certificate the first time they join the network, so any change of the certificate will prevent an automatic join.

Some devices will prompt the user with a message indicating a new certificate has been presented, and asking whether to accept the new certificate. Accepting the new certificate will restore connectivity for another year.

Other devices may require the user to "forget" the network, then manually select it and re-join. Although UCSB Secure still exists, eduroam is the recommended wireless network. Use of eduroam requires a login of the form, NetID@ucsb.edu (e.g. joegaucho@ucsb.edu), along with the appropriate NetID password. The so-called "Phase 1" authentication type is PEAP, and "Phase 2" is MSCHAPv2.

Another option for device configuration is the use of eduroam's Configuration Assistant Tool (CAT), available at https://cat.eduroam.org/ . The web page has configuration information for multiple operating systems, and it is essential to read the instructions thoroughly. Android users will likely need the geteduroam tool to work with CAT, and unfortunately geteduroam needs to remain installed post-configuration due to Android's certificate management process. CAT tends to be more complicated to deploy, but it installs the correct Certificate Authority cert and adds certificate verification which increases client security and allows for non-disruptive annual SSL certificate changes.