I have recently installed Fedora (F40 KDE) on my laptop and i’m trying to connect to my university’s wifi (eduroam).
I need to enter username, password and select CA Certificate to “No CA certificate is required”. However i can’t find that option in the wifi settings. Everything in the above image is selected/entered correctly but the CA Certificate checkbox is missing.
See the 2nd image. That checkbox is there in another distro. Why is there no Checkbox for CA Certificate ? I have checked other posts regarding eduroam but none of them have this problem i guess.
so if i understand correctly, I should try to connect to eduroam in GNOME and generate the connection profile and then transfer it to my main machine ? I’m currently not at my university but i will try doing this tomorrow. Thanks for the assistance.
→ what happens if you just leave the “CA Certificate” field empty?
if i remember correctly, It said something like password is incorrect or authentication failed, but it didn’t connect to the network, even though password was correct.
regrading the script, I will try doing that tomorrow as i’m not at my university now. Thanks for the help. I’ll update this thread if that works.
I’m also using the eduroam network, and I leave the CA certificate field empty in KDE Wi-Fi Security.
In my case, my university instructs me to use TTLS authentication. I notice in your second picture that Tunnelled TLS is used as well. However, your setting in the first picture shows that it’s set to PEAP. Can you confirm if PEAP is indeed the correct authentication method in your university?
A certificate is required to deploy WPA enterprise, and clients (STA) are supposed to verify the certificate[1][2] to prevent MITM attack. Which might be why the KDE UI doesn’t offer a “no certificate is required” option to encourage best practices[3].
Windows and Apple use “Trust on FIrst Use”[4], Android allows ToFU and “Use system certificates”, NetworkManager asks users to explicitly trust a root CA[5].
What I’ve seen is that the uni’s IT is just lazy and tell people to use “do not not verify”. So basically if you select “no certificate” then the security of your Linux is gimped compared to other systems.
You can probably dig around in wpa_supplicant’s log and see what certificate the Wi-Fi is signed with, then download the Root CA certificate from the CA’s website (or extract from the system’s bundle, not sure how).
journalctl -b -u wpa_supplicant
# Will see the eduroam's domain cert and the signing intermediate cert.
# Then lookup and download that signing CA's root cert.
Con:
Needless to say, only download from CA’s official website!
Broken Wi-Fi and debug hell, if the school switches eduroam cert without notice and you don’t remember you did this (:
my university uses https://pern.edu.pk/ to provide eduroam. Also i tried the python script you mentioned above but i’m getting the same authentice eduroam error which keeps asking me to enter my eduroam password over and over again.
