Connecting to the eduroam network shares some similarities with connecting to UVA's VPN on linux. See VPN Setup for details there.

Step-by-step guide

This guide has been updated as of . You may view previous versions of this guide by looking at the "Page History" information.

If something in this guide does not work for you, please comment on the page (with your system version) or suggest an edit to the guide.

For this tutorial, our example compute ID will be "jjruv4".

To start, you will need to download your personal/user certificate file.

  1. Download your combined certificate (.p12 file)
    1. Head to (alternative link: and log in with Netbadge (if not logged in already)
    2. The "Operating System" field should be "Unknown", give a short description of this where this certificate will be used.
    3. (Optional) Enter the MAC/hardware address of the wireless network card for your device. If you don't know your MAC address, you can find it by opening a terminal and using the ip a command, then finding the interface that corresponds to your wifi network card. It may begin with "wlp" in the ID. Then, the hexadecimal string following "link/ether" will be your MAC address.

    4. Enter a passphrase for your private key.

      This is not your netbadge login password, or any other UVA password. This is a unique passphrase used only for this certificate file.

      Make sure to record this passphrase and put it somewhere safe! This passphrase is required to use your certificate, and no one can recover it after the fact, not even UVA ITS.

    5. You should now be able to download a file with the suffix ".p12".
  2. Configure your network connection
    1. Open your network connection configuration menu. This will look different for every flavor of Linux/GUI framework, but this should generally be found under "System Settings" or on the task bar. You should be in the correct menu when you see a list of Wi-Fi networks that you can connect to.
    2. Enter the configuration menu for the eduroam network, and navigate to the "Security" tab (may also be named "Wi-Fi Security"
    3. Set your configuration as follows. Please note that the exact option names may be different on your OS. If a configuration option is not listed here, then it should (most likely) be on its default setting:

      SecurityWPA/WPA2 Enterprise
      Identity<Your compute ID email address in all lower-case letters. Example: "">
      User Certificate<The full path to your .p12 file. Use the file selection menu if possible. Otherwise, you may need to prefix the file path with the "file://" URI. Example: "file:///home/jjruv4/.certs/jjruv4.p12">
      CA Certificate<Leave Empty>
      Private Key<The full file path to your private .p12 file. Use the file selection menu if possible. Otherwise, you may need to prefix the file path with the "file://" URI. Example: "file:///home/jjruv4/.certs/jjruv4.p12">
      Private Key Password<The password given when you created and downloaded the .p12 file from UVA in Step 2. This is not your UVA netbadge password, nor is it your PEM passphrase.>

    4. Make sure to uncheck the "All users may connect to this network" option in the "General" tab. This may also be named as "Available to all users", or similar.

  3. Connect to the network. You should now be able to click on the eduroam network and connect! See below for troubleshooting suggestions.


Eduroam uses deprecated security protocols

Eduroam networks sometimes rely on deprecated security configurations which may force your system to block connections.This is a pervasive issue with many eduroam networks (not just UVA) that depends on the network configuration, your OS and package versions, network device configuration, and network connection configuration. Here are some suggestions that have worked for others:

  1. Remove CA certificate requirements for WPA2 connections
    1. This requires that you use Network Manager as a network connection manager (the default in Ubuntu, Debian, and most Linux systems), and that Network Manager is managing your Wi-Fi card. You can check on this by typing nmcli device and looking at the "STATE" column for your wireless device; if it says "unmanaged", then you must set up Network Manager to manage that device.
    2. As root, edit the file /etc/NetworkManager/system-connections/eduroam.nmconnection (or something similar) using your favorite text editor (nano, vim, gedit, etc.). Remove the line system-ca-cert=true. If that line is not present, you may add this field and set it to false by adding the line system-ca-cert=false.
    3. Taken from (and described) here
  2. Enable deprecated security renegotiation protocols in wpa_supplicant. Basically, some eduroam setups may still be using SHA-1 cryptography, which is blocked by default on many newer systems (like Ubuntu 22.04). There are a couple of methods for unblocking this:
    1. Edit your wpa_supplicant (the program that handles WPA/WPA2 networks) configuration. There are several steps, see for details.
    2. Downgrade wpasupplicant  and libssl  packages (not recommended)
      1. Basically requires downloading older versions of these two packages and installing them onto your system. More details can be found at under "Option 2: Manual Setup."
      2. Note that this is very unsafe and, in my opinion, more likely to end up with package conflicts in the long term. Your machine would almost certainly be vulnerable to a number of attacks, as libssl  is a core library used in many other security programs in Linux (not just your network connections). Also, many other programs will require newer versions of these packages, which could block you from installing critical updates in the future. Preventing future updates makes all of this even worse.

For more information on the WPA2/CA Certificate problems, see:

Example eduroam.nmconnection file

Below I have posted an example eduroam connection config file that does work, as of . This is not guaranteed to work on your setup, but it provides a point of reference. If you are using Network Manager, you should be able to find your connection configuration in /etc/NetworkManager/system-connections/eduroam.nmconnection. Modify fields as necessary for your system.

uuid= # your connection UUID

mac-address= #your wireless network card's MAC address


client-cert=#path to your .p12 file
private-key=#path to your .p12 file
private-key-password=#REDACTED. It should be encrypted anyway!




Information for this how-to was taken from the UVA Physics site:

Some of their steps did not work for my setup, and were edited accordingly in this write-up. Their configuration may work for you if you are having trouble with this one.

Related issues