These instructions are current as of December 2021. I’ve been at UVA since 2008 and have had to change how this works 4 times (in 2011, 2014, 2018, and 2021), leading me to expect these will be valid for about 3 years.
Using the Network Manager app (the default tool used for network connection in Cinnamon, MATE, Gnome, XFCE, LXDE, Ubuntu, etc.), most of the defaults should work; however, in Wi-Fi Security (which may be all you are shown depending on how you picked the eduroam SSID) you need
@virginia.edu (all lower-case)
This will need to be a file on your computer. There are several that will work, as eduroam is signed by multiple certificate authorities.
I recommend the US Higher Education Root (USHER): http://h1.usherca.org/aia/ca.pem (download link from http://www.usherca.org/). Download that, as any name you want, somewhere you won’t delete it, and then browse to its location for this field.
CA certificates expire; mine expires in February 2026. You’ll need a new CA certificate when the old one expires. You can find the expiration date with
The CA certificate file contains only a publicly-available signature and does not need to be protected in any particular way.
This is the P12 personal digital certificate used for netbadge, etc. UVA issues personal certificates for 13 months, so you’ll be getting a new one every year. You can find the expiration date with
The password you set when you downloaded your personal digital certificate.
The network manager may disable this field, defaulting to the user key password field’s value instead
The same as the user certificate.
The network manager may disable this field, defaulting to the user certificate password field’s value instead
In theory, UVA provides instructions for this in multiple places. In practice, they have a few holes when it comes to Linux. I’ve found the following works around those holes:
Connect to the UVA WiFi Setup
network.
Navigate to any non-encrypted webpage to get redirected to the portal detector. Your browser may do this for you; mine prompts me to visit http://detectportal.firefox.com/canonical.html
None of the options they provide will work. Instead, edit the URL to replace standard and anything that follows it (for me, standard/?device=Non-specific OS) with just limited/.
As of September 2021, the resulting URL is https://cloud.securew2.com/public/82116/limited/ but I have no idea how stable the 82116 bit will be over time.
Go to any netbadge site, such as https://netbadge.virginia.edu.
Click on the Get one now!
link, which currently goes to https://in.virginia.edu/installcert.
Expand the Firefox FAQ to find the UVA Network Setup Tool (Limited)
, which currently goes to https://cloud.securew2.com/public/82116/limited/.
The Firefox FAQ also describes how to use the certificate in your Gecko-based browser to simplify authentication.
If there’s no Sign in
button,
Sign inbutton.
In 2018 the source of this page detected Linux, then turned Linux into Unknown before finishing, which round-about pretending to not know your OS prevented the Sign in button from being generated. In 2021, they seem to have fixed this but I’m keeping the documented fix here in case it breaks again.
ip address and look for the line beginning number: wsomething (e.g., mine is
3: wlp0s20f3; the exact name varies by Linux distribution). The line after that should have link/ether followed by six bytes in hex separated by colons. That’s the MAC address you want.e(e.g. mine is
2: enp0s31f6); that device’s MAC address is what you’d need if you wanted eduroam to work for a cable plugged in to UVA network (I’ve not tried that though).This file gives anyone that owns it power to impersonate you. You should definitely store it such that only you can read it; I recommend storing it in a hidden directory with owner-only permissions, such as can be created via