Notice
This is the search page for the english version of the website. To search the german version of the website go to the german search page.
Filter
Make sur you have a Internet connection.
If the GETEDUROAM app was installed please delete/remove the app and the saved WiFi.
1. Download the easyroam app: https://www.easyroam.de/winapp/easyroam.msix and install.
(if you dont have a Microsoft Store on your machine follow these instructions)
2. Start the Easyroam App. Usually a Browser will be opened.
3. In the WAYF (Where Are You From) locate Ostbayerische Technische Hochschule Amberg-Weiden and log in wit your OTH-AW Account.
4. After a successful login wird the main menu „Home“ will be
visible.After clickin on „install new profile“ a new easyroam profile
will be installed.
5. The new Profil will be shown as „valid“ in the main menu.
6. Wait a few Minutes for the configuration to finish.
Easyroam on Android
The easyroam app on ANDROID is downloadable from the Google Play Store: Easyroam
1. Delete the geteduroam app and also any existing eduroam profile. Download the easyroam app from the app Store and install.
2. Start the easyroam app.
3.There are two Ways to login either „Login through
Website“ or „Login using QR-Code“. Using „Login through Website“ youll
have to log in to WAYF (Where Are You From) see section 4. . If you have
a laptop or desktop at hand , you can login through portal at www.easyroam.de
and generate a QR code (valid 5 minutes), Which you can thenscan with
your easyroam app on your ANDROID Device. In this case you can skip
section 4. and install the Profile as shown under section 5. .
4.In the Search bar locate the DFN-AAI IdP Ostbayerische Technische Hochschule Amberg-Weiden and log in to your OTH-AW account.
5. Click on „Install new profile“to start the installation process for the new profile.
6. Click on „Confirm“.
7. Click on
„Allow".
8. The validity period for the certificate will be shown in green.
Shaould the easyroam Connection not work for once then pllease restart your devices WI-FI by turning it off and on again.
As long as there is a valid pseudocertificate on the device, the
device will log on regardless of operating system ANDROID oder iOS in
easyroam. A log in through the DFN-AAI IdP account is no longer neccessary. in the main menu by pressing
„Manage“ you can renew, install or revoke a certificate.
Through the button „Other profiles“ you can revoke profiles on other devices.
Einstellungen/Settings
Through Settings, it is possible to change to Fingerprint
verification,which is preventing unauthorized eduroam access on your
device. You can also configure the App to warn you if your Certificate
is abut to expire. Using „Reset this App“ you can revoke the certificate
that is installed on the device. After that you can follow the above
steps again.
My account
In the my account menu the logo of your organization (OTH-AW) should be
displayed . You can also check how many of your Profiles are in use and
how many can still be issued. The Status shows if your access to
easyroam is still active. It is possible that you can no longer issue
new Certificates, however the old ones might still be valid. Only the
easyroam admins of your organization may remove this restriction.
Please note. The name of the profile is not the name of the PKCS12 file. The name of the profile is used for the internal administration of the easyroam profiles. The name of the downloaded PKCS12 file is formed from the date and time of the generation of the PKCS12 file with the suffix .p12.
5. The CLI of openssl is used to extract the individual components such as the client certificate, the private key and the RootCA certificate:
Please note that Import Password of the .p12 - file is empty. When using openssl, pay attention to the wording: Enter Import Password with <return> acknowledge.
Client certificate:
openssl pkcs12 -in my_easyroam_cert.p12 -legacy -nokeys > easyroam_client_cert.pemPlease note, the -legacy option must be omitted here and in the following. Unfortunately, the use of the OpenSSL option is version dependent.
Private Key:
Please note, since the various network managers and the wpa_supplicant usually only accept password protected private keys, a password must be set during extraction. With the following command first Enter Import Password appears, so acknowledge with <Return>, then Enter PEM pass phrase appears: Here you enter a new password and remember it!
openssl pkcs12 -legacy -in my_easyroam_cert.p12 -nodes -nocerts | openssl rsa -aes256 -out easyroam_client_key.pemRootCA certificate:
openssl pkcs12 -in my_easyroam_cert.p12 -cacerts > easyroam_root_ca.pemThe .p12 at a glance:
openssl pkcs12 -info -in my_easyroam_cert.p12 -legacy -nodesThe certificate files can also be assembled with copy/paste. It should be noted that the private key must still be provided with a password.
6. There are indeed instructions on the net for configuring EAP-TLS on various network managers from the specified components. As an example, the CLI netctl on Archlinux is used to show how EAP-TLS and thus easyroam/eduroam can be configured on a Linux device. The following is required:
- netctl
- wpa_spplicant
- easyroam .p12 pseudo certificate
description='easyroam connection' Interface=wlan0 Connection=wireless Security='wpa-configsection' IP='dhcp' WPAConfigSection=( 'ssid="eduroam"' 'key_mgmt=WPA-EAP' 'eap=TLS' 'proto=WPA RSN' 'identity="76673789883214453797@easyroam.realm_der_einrichtung.tld"' # Hier muss der CN (Common Name) aus dem easyroam Pseudozertifikat stehen! 'client_cert="/etc/netctl/cert/easyroam_client_cert.pem"' 'private_key="/etc/netctl/cert/easyroam_client_key.pem"' 'private_key_passwd="FORYOUREYSEONLY"' 'ca_cert="/etc/netctl/cert/easyroam_root_ca.pem"' 'ca_cert2="/etc/netctl/cert/easyroam_root_ca.pem"' )Run the following command with root privileges:
netctl start easyroam
If easyroam shall be installed permanently run the following command:
netctl enable easyroam