Zentrum für Datenverarbeitung (ZDV)

Configuration guide eduroam


This guide was created for Android 4.4.2. Depending on the version of Android you have installed and the manufacturer's branding, the configuration steps will differ.

Installing the root certificate of Deutsche Telekom

First you must install the root certificate "T-TeleSec GlobalRoot Class 2" of Deutsche Telekom in your personal certificate store.

  1. Open the web browser and download the certificate from the following URL:
  2. To install the certificate, navigate to Menu → Settings → Security → Install from USB storage.
  3. Optional: If you do not yet have a personal certificate store, it will be created and you will be asked for a certificate store password. Note that this must be at least eight characters long.
  4. Name the certificate, for example: "Telekom Root".
  5. Depending on the version, Android asks for a purpose for the certificate. It is essential to select the setting "Wi-Fi".
  6. Next you will be prompted for a password or pattern, depending on the unlock settings of your phone. Enter it. If you have not already created one, you are asked to create one. This is mandatory for the installation and use of eduroam.

Create the eduroam connection

  1. On your device, navigate to the Wi-Fi settings (Menu → Settings → Wireless networks → Wi-Fi settings).
  2. If eduroam is available at your location, the SSID "eduroam" will be listed under Wi-Fi networks. Click on it.
  3. Enter the settings as shown in the picture below. Be sure to select the "Telekom Root" certificate, or the name you chose during installation.
  4. If you have to enter the domain during configuration, please enter:  uni-tuebingen.de
  5. Only now press the "Connect" button.

No certificate

For some Android devices (especially older ones) it is not possible to include a certificate at this point. A connection to the network "eduroam" is technically possible but highly risky. We strongly advise against connecting these devices to the network "eduroam"!

Without the certificate, there is no authenticity check against the server. An attacker can use a laptop to pretend to be an access point and an authentication server, and record your username and password.
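
The check described above can be automated for profiles stored in wpa_supplicant's "network={...}" syntax. The following is an added example, not part of the original guide: it reports EAP profiles that lack a CA certificate or a domain restriction. The file syntax, the sample profiles, the certificate path and the function names are assumptions made for illustration.

```python
import re
# Assumption: profiles use wpa_supplicant.conf "network={...}" syntax.
# Both sample blocks and the certificate path are constructed for this example.
SAMPLE = '''
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    ca_cert="/path/to/telekom-root.pem"
    domain_suffix_match="uni-tuebingen.de"
}
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
}
'''

EXPECTED_DOMAIN = "uni-tuebingen.de"  # domain given in the guide

def parse_networks(text):
    """Return one dict of key -> unquoted value per network={...} block."""
    blocks = []
    for body in re.findall(r"network\s*=\s*\{(.*?)\}", text, re.S):
        entry = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)
            entry[key.strip()] = value.strip().strip('"')
        blocks.append(entry)
    return blocks

def audit(entry):
    """List the server-authentication gaps in one EAP profile."""
    findings = []
    if "EAP" not in entry.get("key_mgmt", ""):
        return findings  # not an 802.1X profile, nothing to check
    if not entry.get("ca_cert"):
        findings.append("no CA certificate: server identity is not verified")
    domain = entry.get("domain_suffix_match", "")
    if not domain:
        findings.append("no domain: any server with a cert from the CA is accepted")
    elif domain != EXPECTED_DOMAIN:
        findings.append("unexpected domain: " + domain)
    return findings

if __name__ == "__main__":
    for n, entry in enumerate(parse_networks(SAMPLE), 1):
        print(n, entry.get("ssid"), audit(entry) or "server validation configured")
```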