Topics Map > University of Chicago > IT Services > Phones & Internet Connections > Wireless Data Networking
Topics Map > University of Chicago > IT Services > Phones & Internet Connections > Wireless

Wireless - Secure Network SSL Certificate Update

This article provides information related to the secure wireless network(s) periodic SSL certificate updates and what to expect from a user's perspective. It also aims to provide some guidance on what users should do when they are prompted to acknowledge the new certificate.

General Info

This change is required because the current certificate expires at the end of June. Typically, certificates can be enabled for one, two, or three years, and the new certificate being installed will be valid through May 31, 2018.

Because this change is being made to the central secure wireless authentication system, it will affect all campus locations where uchicago-secure and eduroam are broadcast -- Hyde Park, Gleacher, and domestic and global centers.

What to Expect when the Certificate is Renewed/Updated

Once the certificate is renewed, you will notice a “Certificate Trust” error. This is normal behavior expected on most devices when they are presented with a new certificate and is similar to what you would have seen the first time you connected to the network. Because your devices will know nothing about the new certificate, you need to manually trust the certificate.

If you’d like to know more, you may refer to the following examples for common devices:

Error Workaround

If you have a Windows device and experience any difficulty with the certificate, ITS recommends that you use the XpressConnect configuration utility. This will install the required intermediate certificates with the appropriate trust settings to help effectively mitigate certificate errors on your devices. The XpressConnect Configuration wizard is available at http://wireless-ucsecure.uchicago.edu. In some cases, you may need to first connect to the uchicago network using web authentication to connect to the network and then you can access the XpressConnect wizard to transition to the secure network.

Additional Technical Details

The uchicago-secure and eduroam SSIDs use SSL certificates on the network side to notify wireless clients that they are connected to a trusted wireless network. SSL certificates have an expiration date.

The new server certificate contains a longer "chain of trust" and your device settings may need to be adjusted to trust the new intermediate certificates.

  • Intermediate CA: InCommon RSA Server CA
  • Intermediate CA: USERTrust RSA Certification Authority
  • Root CA: AddTrust External CA Root

Additional Help

Contact the ITS Service Desk if needed for further support.

See Also

05/02/16 RS:- extended expiration date until Jan/2017



Keywords:802.1X, uchicago-secure, eduroam, xpressconnect, cloudpath, expressconnect   Doc ID:51315
Owner:Brian N.Group:University of Chicago
Created:2015-05-12 15:34 CDTUpdated:2017-03-10 17:56 CDT
Sites:University of Chicago, University of Chicago - Sandbox
Feedback:  1   0