Important changes for Wireless access profiles

All users of the eduroam wireless network, whose home institution is the Leibniz Universität Hannover are affected, but also the members of virtually all other German institutions that take part in the eduroam network. The profiles have to be changed on all devices that are using the wireless network eduroam/LUHWPA. If you installed your wireless profile via the eduroam CAT tool in october 2018 or later, you are already using the new profile and no further action should be necessary.

Also affected is the wireless network LUHWPA which will be deactivated on July 9th (see below).

This page serves to inform all users of the LUHWPA wifi network as well as the users of the eduroam wifi network with old profiles about the necessary profile changes. For the time being, you can use the wifi network without changes by clicking on the button "Ich habe diese Hinweise zur Kenntnis genommen und möchte momentan noch nichts ändern", however the page will reappear daily until you changed your wireless connection to the new eduroam profile.

Although all operating systems and web browsers should automatically detect the information page, in special cases there might be problems accessing the information page. In this case, accessing an unencrypted page (e.g. www.neverssl.com ) should show the page in any case.

We recommend that you use the eduroam CAT-Tool for this, it is the easiest method to adapt your devices to the changes. Typically, you only need to select your home institution, "Leibniz Universität Hannover", download and install the provided file and re-enter your credentials for wireless access. Android users also need the eduroam CAT app, which should preferably be installed in advance from the Google Play Store or its alternative F-Droid.

Depending on your operating system it should be generally possible to make the configuration changes manually. However this procedure is much more error-prone, therefore we strongly recommend using the CAT-Tool

No, the wireless accounts and their credentials are not affected and stay valid without any changes. While activating the new profile settings, you have to re-enter the credentials once. Please keep in mind to add the realm @uni-hannover.de for the eduroam network.

While changing the profile, you have to re-enter the wireless credentials once. If you can't remember the password:

• for accounts that you created using your LUH-ID (username like ABC-DEF-W1) you can reset your password yourself in the Account-Manager
• for accounts created via the BIAS system (username like nhxxxxxx) the password has to be resetted, in this case please contact our User Help Desk

In the older wireless network LUHWPA, the authentication works the same way as in the eduroam network, hence it is also affected by the certificate expiry. This wireless network dates from before the creation of the eduroam community and differs from the eduroam network in only two items:

• it can only be used at the Leibniz Universität Hannover
• the Realm "@uni-hannover.de" does not need to be added

Because there is no longer any requirement for this network and every additional wireless network diminishes the overall capacity of the wireless network, we will deactivate the LUHWPA network on July 9th. Therefore we urge all users of the LUHWPA network to change to the eduroam network as soon as possible.

From July 10th, it will no longer be possible to establish a connection with the old profiles, because the client will no longer accept the certificate of the server which has expired by then. For this reason, you should change your profiles in time.

No, this event wireless network is encrypted using a preshared key and thus not affected by the certificate expiration.

Guest tickets will also be using the eduroam wireless network. This means while entering your credentials, you have to add the realm @uni-hannover.de to your username. Guest tickets are not usable outside the Leibniz Universität Hannover. Upcoming there will be a web login portal for guest users.

The Windows Mobile operation system is not supported by the CAT tool. Additionally there is no possibility to set an outer identity, so the differentiation between old and new profiles iss not possible. As a workaround, Windows Mobile users should use the old profile until Juli 9th despite any warnings popping up. On July 10th, you should change the trusted CA certificate manually to "T-Telesec GlobalRoot Class 2".

If changing the profile does not work as expected, you should preferably at first delete the old eduroam profile, then restart the computer and then retry installing the new profile via the CAT-Tool. If anything still doesn't work, you can contact our User Help Desk:

• via Mail: supportluis.uni-hannover.de
• via calling our Hotline: 0511/762-9996 (Mo-Fr 9am-7pm)
• in person in the base floor of the LUIS, Schlosswender Str.5

You are not directly affected by the eduroam changes at our university. However if your home institution is located in Germany, it is almost certain that the affected root certificate is also being used for authentication on their servers, in other words that you also have to change your profile until July 9th in order to continue using eduroam. Please contact your home institution for details on how the change is conducted there. Members of institutions outside Germany typically use different root certificates and are not affectede by this change.

The root certificate that is being used for authentication of the RADIUS servers for the eduroam network, "Deutsche Telekom Root CA 2" will expire on July 10th 2019, 1:59AM CET. It is marked as "Trusted Root Certificate Authority" in the wireless profiles eduroam and LUHWPA, so until July 9th the "Trusted Root Certificate Authority" has to be changed to the new root certificate "T-Telesec GlobalRoot Class 2".In order to be able to use both old and new profiles simultaneously in the transition time until July 9th, the profiles are differentiated by the "Outer Identity". If the client''s Outer Identity is "eduroamuni-hannover.de", the Server displays the new certificate chain to the client, in all other cases it displays the old certificate chain. After July 9th, the new certificate chain is used in all cases, independent of the Outer Identity. Profiles provided by the eduroam CAT tool are already based on the new root certificate since October 2018.wlan_cert.html?&L=1#