Client certificate authentication made easy

This software lets you use your eduGAIN account to receive a client certificate, which you can use to log in to eduroam.

A problem with eduroam authentication is that a client will not verify the authenticity of the server, unless the client is set up correctly. This allows a man in the middle to interscept a users' password.

This problem does not occur with certificates, because the private key is never sent over the air. The disadvantage of using certificates is that it is hard for end users to set up.

Using this web application, a user can easily generate certificates in different formats to be used on their operating system. Apple users will receive a .mobileconfig file, which can be read natively by any supported operating system by Apple. Windows does not have native support for wifi configuration through a configuration profile, so Windows users can download an .exe file that will take care of all configuration for them.

For other operating systems, download a pem file or a pkcs12 container, which you can then configure manually for your operating system. This is known to work for UNIX-like systems with wpa_supplicant (FreeBSD, Linux, NetBSD) as well as some other platforms (OpenWRT). Support for more systems may be added later.

Finally, we support retrieval of certificates through OIDC, allowing for future third party apps to provide this service in a user-friendly manner.