Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  1. Remove CA certificate requirements for WPA2 connections
    1. This requires that you use Network Manager as a network connection manager (the default in Ubuntu, Debian, and most Linux systems), and that Network Manager is managing your Wi-Fi card. You can check on this by typing nmcli device and looking at the "STATE" column for your wireless device; if it says "unmanaged", then you must set up Network Manager to manage that device.
    2. As root, edit the file /etc/NetworkManager/system-connections/eduroam.nmconnection (or something similar) using your favorite text editor (nano, vim, gedit, etc.). Remove the line system-ca-cert=true. If that line is not present, you may add this field and set it to false by adding the line system-ca-cert=false.
    3. Taken from (and described) here
  2. Enable deprecated security renegotiation protocols in wpa_supplicant. Basically, some eduroam setups may still be using SHA-1 cryptography, which is blocked by default on many newer systems (like Ubuntu 22.04). There are a couple of methods for unblocking this:
    1. Edit your wpa_supplicant (the program that handles WPA/WPA2 networks) configuration. There are several steps, see for details.
    2. Downgrade wpasupplicant  and libssl  packages (not recommended)
      1. Basically requires downloading older versions of these two packages and installing them onto your system. More details can be found at under "Option 2: Manual Setup."
      2. Note that this is very unsafe and, in my opinion, more likely to end up with package conflicts in the long term. Your machine would almost certainly be vulnerable to a number of attacks, as libssl  is a core library used in many other security programs in Linux (not just your network connections). Also, many other programs will require newer versions of these packages, which could block you from installing critical updates in the future. Preventing future updates makes all of this even worse.

For more information on the WPA2/CA Certificate problems, see: