Body
Summary
This article provides steps to remove expired TLS certificates for UNH eduroam. This can sometimes solve the problem when a device keeps saying the connection is not trusted, or the user is continually prompted to select a certificate. This article is for people on the UNH Campuses or at the USNH System Office.
Environment
This can happen on any device configured to connect to UNH eduroam through the WiFi TLS (transport layer security) Certificate process at https://wifi.unh.edu.
Symptoms
- User needs to manually connect to eduroam when changing locations on campus
- Auto-connect/Auto-join is selected for the network, yet it does not auto connect
- Device will not connect to eduroam
- Device prompts user to select certificate every time user tries to connect to eduroam, yet none selected allows them to connect
- Device connects to eduroam with no Internet
- Device keeps saying the wireless connection is not trusted
Resolution
General troubleshooting steps
Remove any stored certificates and/or saved UNH wireless networks, then reconnect to eduroam with the username@unh.edu login or re-install the TLS certificates.
Step 1 - Remove stored UNH Wireless certificates and/or saved UNH Wireless networks.
Step 2 - Reconnect to eduroam and sign in with username@usnh.edu and password when prompted.
Step 3 - If Step 2 does not solve the problem, browse to https://wifi.unh.edu. Click on Start Over at the top, then go through process to re-install the UNH WiFi TLS certificates.
Detailed instructions for:
Result
Your device is connected to eduroam at UNH.
Mac OS
Step 1 - Select the Apple icon in the upper left of the screen
Step 2 - Select system preferences (OS X) or system settings (OS 12+)
Step 3 - Search for "Profiles" then click on the word: Profiles
Step 4 - Look for profile(s) called eduroam user and/or UNH-Secure CPPM. You may find more than one of these profiles.
Step 5 - Remove each profile you find in Step 4 by highlighting each profile name then clicking the minus button (-) below it in the same column. Repeat for each profile you found in Step 4 above.
Step 6 - Browse to Network in system preferences/system settings and highlight the WiFi connection
Step 7 - Click the Advanced button
Step 8 - Look under Preferred Networks for UNH networks, such as: eduroam, UNH-Open, UNH-Secure, UNH-Public, etc.
Step 9 - Remove each UNH network you find in Step 8 by highlighting the network name then clicking the minus button (-) below it in the same column. Repeat for each UNH network you found in Step 8 above.
Step 10 - When the UNH networks are all removed, click OK, then Apply!
Step 11 - Select eduroam from the wireless connections drop-down and sign in with username@usnh.edu and password when prompted.
Result
Your device is connected to eduroam at UNH.
Back to list
iOS
Step 1 - Open Settings then go to General
Step 2 - Tap on VPN & Device Management or Profiles & Device Management, near the bottom.
Step 3 - Tap on each UNH profile listed under Configuration Profile. For each UNH profile, tap Remove Profile and confirm. Repeat for each profile listed.
- If you do not have any UNH profiles listed, skip this step.
Step 4 - Go to Wi-Fi settings
Step 5 - Forget all the UNH networks by tapping the ( i ) icon next to the network name. Tap Forget This Network, if available, then tap Forget to confirm.
Step 6 - Select eduroam from the Wi-Fi connections list and sign in with username@usnh.edu and password when prompted.
Result
Your device is connected to eduroam at UNH.
Back to list
Windows
Step 1 - Open Settings > Network & Internet. Select Wi-Fi on the left, then the Manage known networks link.
Step 2 - Select each UNH network (eduroam, UNH-Open, UNH-Secure, UNH-Public, etc.) and click on Forget. Repeat until no UNH networks appear in the list.
Once that is complete, remove all stored UNH certificates of the form - username@cpuser.unh.edu:
Step 3 - Search on the computer for "Internet Options" and Open the Internet Options control panel app. The Internet Properties box opens with multiple tabs.
Step 4 - Click on the Content tab then click the Certificates button.
Step 5 - All available stored certificates will be listed there. If necessary, widen the Issued To column to see the full Certificate name.
Step 6 - Select each certificate of the form username@cpuser.unh.edu and click Remove.
NOTE: This will interrupt your existing connection to eduroam if you are connected using one of the deleted certificates.
Step 7 - Select eduroam from the Wi-Fi connections list and sign in with username@usnh.edu and password when prompted.
Alternative method for technicians [requires computer admin permissions]
- Step 3 - Search on the computer for "Certificate" and Open the Manage user certificates control panel app [or open the Run command, type certmgr.msc , and press Enter]. The certmgr - [Certificates] box opens with multiple folders.
- Step 4 - Certificates are stored in the Personal > Certificates folder. If necessary, widen the Issued To column to see the full Certificate name.
- Step 5 - Select each certificate of the form username@cpuser.unh.edu, then right-click and select Delete or click the red X in the toolbar.
- NOTE: This will interrupt your existing connection to eduroam if you are connected using one of the deleted certificates.
- Step 6 - Select eduroam from the Wi-Fi connections list and sign in with username@usnh.edu and password when prompted.
- (Optional) Step 7 - Reconnect to UNH-Open, browse to https://wifi.unh.edu and click "Start Over" at the top, then follow the onscreen instructions to reconfigure the device to eduroam using TLS certificates.
Result
Your device is connected to eduroam at UNH.
Back to list
Cause
There are multiple certificates installed on the machine, which can happen if someone re-runs the configuration process through wifi.unh.edu.
The UNH Cloudpath applet downloaded from wifi.unh.edu installs and configures certificates to connect to eduroam. Windows and Mac OS can both store multiple Cloudpath certificates which can lead to connection problems. The device is unable to determine the best certificate and instead may prompt the user to select a certificate.
When this issue occurs, IT recommends removing all Cloudpath personal certificates from the device and re-running the Cloudpath applet. Only one valid certificate issued to <username>@cpuser.unh.edu is required to connect to eduroam. Alternatively, sign into eduroam with username@campus.edu and password instead.
Further Readings
Connecting to the USNH Wireless Network using Laptops, Tablets, or Phones
UNH Wireless: eduroam TLS Certificate Configuration
UNH Wireless: eduroam Manual TLS Certificate Configuration
How to forget a Wi-Fi network on iPhone, iPad, or Mac- Apple Support article
Install or remove configuration profiles on iPhone- Apple Support article
Install or remove configuration profiles on iPad - Apple Support article
https://wifi.unh.edu - Click "Start Over" at the top, then follow the onscreen instructions to reconfigure the device to eduroam using TLS certificates.
Need additional help?
Visit the Technology Help Desk Support page to locate your local campus contact information or to submit an online technology support request. For password issues you must call or visit the Help Desk in person.