skip to content

eduroam Wi-Fi access under Android

Important: Due to the many different versions of Android, it is not possible to connect to the Wi-Fi network with all phones. As functions may have been deactivated by the manufacturers, it is possible that you cannot change the configuration in a specific settings menu or menu items are named differently. 

Vulnerability in Android: Always provide a CA certificate for 802.1X-based Wi-Fi networks. If you have not specified a CA certificate in the Wi-Fi settings, the specified CA certificates are not verified for other Wi-Fi network configurations.  See the DFN website for more information.

Configure access point

1. Scan the QR code with a QR reader and open the linked website in the android browser or chrome. This installs the root certificate (CRT 1 KB) for the Wi-Fi connection. You can also download the certificate manually. 

2. If you only have Firefox installed as your browser, you must store the certificate manually on the device and open it from the file manager so that it is saved in the wireless certificate store. Otherwise when using Firefox, you will only get the message that the certificate is already installed, but it cannot be selected in the wireless configuration.

Zertifikat einrichten (ohne Internetverbindung)

Sollten Sie bislang über keine (temporäre) Internetverbindung auf dem Gerät verfügen, müssen Sie für die Installation des Zertifikates einen kleinen Umweg gehen. Auf Ihrem PC oder einem anderen internetfähigen Gerät laden Sie mit dem Browser von den Seiten der DFN-PKI das Zertifikat „Deutsche Telekom Root CA 2“ (Format .crt) herunter und übertragen es auf die SD-Karte des Mobilgerätes. Dann installieren Sie das Zertifikat auf dem Mobilgerät per "Einstellungen" -> "Standort und Sicherheit" -> "Von SD-Karte installieren". Sollten Sie dabei nach dem Verwendungszweck des Zertifikates gefragt werden, wählen Sie unbedingt "WLAN" aus.

3. Enter any name for the installed certificate, for example "root certificate, and choose the “Wi-Fi” usage type. Some Android systems usage do not include the usage type option. If a lock pattern, PIN or password is not set up yet, Android will prompt you to do this.

4. Now open your Wi-Fi settings and select the “eduroam” network.

5. This opens a pop-up window. Enter the following settings here:
EAP methods: PEAP
Phase 2 authentication: MSCHAPv2

For the CA certificate, you can select the certificate you just created. If the certificate does not appear, you may have forgotten to set the usage type to Wi-Fi.

Identity: (Enter your account name + "@ uni-koeln.de” here).
Anonymous identity: anonymous@uni-koeln.de (in some systems you may only need to enter "anonymous" here).

Now scroll down the screen. Enter the password here:
Password: (Enter your account password here)

Confirm your details by clicking "Connect".

6. You can now use eduroam at universities around the world.

Contact
If you have any questions or problems, please contact the RRZK-Helpdesk