ACTION NEEDED: Eduroam certificate renewal

WHAT IS HAPPENING?

Eduroam will stop working for you, unless you update the Eduroam certificates on all your devices

WHEN?!

From Monday 8th March 2021 – but you can take action today.

WHY?

Thanks to Apple this is now an annual thing* – SSL/TLS certificates on the radius servers for Eduroam logins need replacing every year. The University has already made the new certificates available and both the old and new will work. However, the old certificates will be removed on Monday 8th March 2021.

WHAT DO I NEED TO DO?

We have been told that the easiest way to get the new certificates is to run the Eduroam Configuration Assistant Tool (CAT). This will install/reinstall the required new certificates.

You can get to the Eduroam CAT website from this link – https://www.queens.ox.ac.uk/eduroam-cat

Other useful tips are available on the IT Blog – https://it.queens.ox.ac.uk/eduroam/

ANYTHING ELSE I NEED?

Yes – you will need to know your REMOTE ACCESS password – this is NOT your SSO password!

*BACKGROUND

This all stems from a decision made by Apple in February 2020 to enforce a 398 day limit on SSL/TLS certificates in their Safari web browser. This was followed by Mozilla and Google taking a similar stance.

So, from 1st September 2020, browsers and devices from Apple, Google and Mozilla now report errors for websites with SSL certificates with a lifespan greater than 398 days, and ultimately state that the website is insecure. Up until then it was not uncommon to have SSL certificates with two, three or five year lifespans.

So, thanks to Apple, Mozilla and Google for strong-arming the international Certificate Authority industry into a more secure state, however, this now means we all have to update our certificates annually.