Knowledge Base Article: Windows eduroam Connection & Certificate Fix
This guide provides the definitive steps for manually connecting to the eduroam network on Windows and includes the necessary troubleshooting procedure for common certificate errors.
The eduroam service is recommended for those individuals who travel often to other higher ed institutions that are also part of the eduroam network. For campus use, we encourage you to use UCI Wi-Fi or UCInet Mobile Access, or if you live in campus housing, ResNet Mobile Access.
Please note that the network speeds are comparable across all UCI networks (eduroam, UCI Wi-Fi, etc.). Your actual connection speed will depend on various factors, such as your location, device, and current network load. We appreciate your understanding.
Step 1: Connect to the eduroam Network
- Select Network: Select the Wireless Network icon in your system tray.
- Join eduroam: Select the eduroam network from the list of available networks and then select Connect.
- Enter Credentials: When prompted, enter your credentials in the following specific format:
- Username Field: Your FULL UCInetID@uci.edu (e.g.,
UCInetID@uci.edu).
- Password Field: Your UCInetID password.
- Confirm Certificate: After entering your credentials and clicking OK, a security prompt will likely appear asking you to verify the server's certificate. Select OK or Connect to confirm the certificate and complete the connection.
- Success: You should now be connected to eduroam!
Step 2: Refreshing your connection in case you still can't connect.
- Right-click on the Eduroam connection.
2. Click Forget.
3. Connect to Eduroam again.
This will prompt a new login. When you connect, please ensure you use your full username: UCInetID@uci.edu and your UCInetID password.
Step 3: Troubleshooting Connection Failure (The Certificate Fix)
If you are unable to connect (e.g., the network shows "Can't connect," "Not connected," or "No Internet"), the problem is likely caused by old, conflicting InCommon certificates stored in your Windows system. Deleting these obsolete entries will resolve the conflict.
Action: Delete All Conflicting InCommon Certificates
- Open the Certificate Manager:
- Press the
Windows Key + R to open the Run box.
- Type
certmgr.msc and press Enter.
- Delete ALL Intermediate InCommon Certificates:
- In the left panel, expand Intermediate Certification Authorities.
- Click on Certificates.
- Find ALL certificates with a name starting with: InCommon RSA Server CA (e.g.,
InCommon RSA Server CA and InCommon RSA Server CA 2).
- Right-click on each one and select Delete. Confirm the deletion.
- Check the Trusted Root (Optional but Recommended):
- In the left panel, expand Trusted Root Certification Authorities.
- Click on Certificates.
- If you find any certificate named InCommon RSA Server CA here, right-click and Delete it. This is safe to do.
- Try Connecting Again: Return to your Wi-Fi settings, select eduroam, and select Connect. Refresh the connection per Step 2 if you're still having trouble.
Technical Explanation: Why This Fix Works
The connection succeeds because your Windows client is relying on a higher-level, globally trusted certificate:
- Conflict Eliminated: Deleting the InCommon certificates removes the retired and conflicting intermediate certificates that were confusing the validation process.
- Secure Validation: The current eduroam intermediate certificate is signed by the USERTrust RSA Certification Authority root certificate.
- Built-in Trust: The USERTrust RSA Certification Authority is part of the Microsoft Trusted Root Certificate Program. It is already installed and trusted by default in your Windows Trusted Root store, allowing your device to securely validate the eduroam connection without needing the specific InCommon intermediate certificate.