What is changing?
Currently, your eduroam Wi-Fi connection relies on your NetID and password to connect. ITC is upgrading our eduroam system so that devices will use a device-specific certificate file to connect instead of just your NetID and password. The most visible benefit to end users is that changing your NetID password will no longer disconnect your devices from eduroam. NetIDs also won’t be locked out because of devices connecting to eduroam with an old or incorrect password.
Why is it changing?
The use of NetIDs and passwords to connect to eduroam is not as secure or reliable as the use of certificate files. Operating systems such as Windows 11 are removing the ability to connect using a username and password in the near future. Other operating systems are expected to remove this ability in the future as well. In order to ensure your devices are still able to connect to eduroam, Dartmouth’s eduroam system and your devices configuration need to be upgraded.
This sounds complicated. I think I’ll just use Dartmouth Public.
Dartmouth Public is provided as a free and open Wi-Fi network for guests on the Dartmouth campus as well as an alternative for devices that truly do not support eduroam. Dartmouth Public is unencrypted Wi-Fi, and as such is not able to access many on-campus resources. All persons with an active affiliation with Dartmouth (current students, faculty, and staff as well as individuals with sponsored accounts) should connect to eduroam only. eduroam is secure and encrypted using the latest standards and provides access to resources on the campus network (such as GreenPrint, screen sharing in classrooms and conference rooms, Library media and databases, and administrative applications such as Oracle and OnBase).
Where can I use eduroam?
Aside from buildings on the Dartmouth campus, eduroam is provided at DHMC, the Dartmouth Skiway, and several other Dartmouth-owned off-campus locations. Additionally, eduroam is available to Dartmouth users free of charge at over 2,500 locations in the US, and more than 33,000 locations worldwide. These locations include other higher-ed campuses, K-12 districts, some government and research buildings, and even airports!
I am currently at another campus using eduroam. How does this affect me?
You can run the JoinNow software and upgrade your eduroam connection now. You will reconnect to eduroam when it is complete, even if you are not on the Dartmouth campus. If you prefer to wait until you are back at Dartmouth, that is OK. Your devices will be able to connect to eduroam the way they are now until July 1 without having to upgrade. After July 1, you will not be able to connect to eduroam without having an upgraded connection.
Will this change affect my ability to use eduroam on other campuses?
Not at all! Once you upgrade your connection, you will still be able to use eduroam at other campuses as you are today.
I connect to eduroam at DHMC. How does this affect me?
You will still need to upgrade your eduroam configuration before July 1. Once you complete the upgrade using the JoinNow software, you will be able to connect to eduroam at DHMC as usual.
I work at a Dartmouth location that does not have eduroam (Boston offices). What do I need to do?
If you connect to the “Dartmouth” Wi-Fi network, you will still need to upgrade your connection. Goto wifi.dartmouth.edu, scroll down to the bottom of the page, and click the link that says “Install a Different Profile”, and then click “Continue to install the Dartmouth Profile”. This special JoinNow installer will configure your device both for eduroam as well as the “Dartmouth” Wi-Fi network.
I work in the Athletics department and need to connect to the DCAD Wi-Fi. What do I need to do?
If you connect to the “DCAD” Wi-Fi network, you will still need to upgrade your connection. Goto wifi.dartmouth.edu, scroll down to the bottom of the page, and click the link that says “Install a Different Profile”, and then click “Continue to install the DCAD Profile”. This special JoinNow installer will configure your device both for eduroam as well as the “DCAD” Wi-Fi network.
Note: This network will only function for Athletics Department Staff or other users granted access to connect. Other users who install this profile will not be able to connect to DCAD.
Does this affect Dartmouth Public?
No! Dartmouth Public is not affected by any of these changes. If your device supports eduroam, you should connect to that instead of Dartmouth Public. Please
“forget” Dartmouth Public from your device once you have connected to eduroam.
Does this affect wired network connections?
No. Wired Ethernet connections on the campus network are not affected by any of these changes.
Does this affect my cellular phone service?
No. This change does not affect cellular phone or data service. ITC does not provide or support cellular service from public carriers such as AT&T, T-Mobile, or Verizon. For support with cellular service, please contact your provider.
Does this affect my ability to connect to my home network?
No. This change does not affect your ability to connect to Wi-Fi or wired networks such as at home or while traveling. Dartmouth ITC does not provide support for off-campus networks.
What devices should connect to eduroam instead of Dartmouth Public?
Any device that supports eduroam should connect to it instead of connecting Dartmouth Public.
How will I know if my device is compatible with this change?
If your device connects to eduroam today, chances are it will work after this change. Certificate-based Wi-Fi authentication is not a new technology, and is widely supported by all major operating systems including MacOS, Windows 10 and 11, iPhone/iPad, Android, and Linux. The SecureW2 JoinNow software (which is used to install the certificate files) is continually tested and updated by the vendor in order to ensure compatibility with operating system updates.
If you want to double-check that your device supports this change, please read this .
My device doesn’t support certificate-based authentication (EAP-TLS). How can I connect to the network?
Most devices that support eduroam today using a NetID and password (EAP-PEAP/MSCHAPv2 technology) also support certificate-based authentication (EAP-TLS). Your device may need a software, operating system, or driver update to enable this support. If your device is still unable to support EAP-TLS after updating software, please contact the Service Desk for further assistance.
What is SecureW2 and JoinNow?
SecureW2 is the maker of the JoinNow software. The JoinNow software runs on your device, authenticates you with Dartmouth’s Web SSO, creates a certificate file to allow you to connect to eduroam, and installs the certificate and eduroam network on your device.
My device doesn’t support the SecureW2 JoinNow software. How can I connect to the network?
Please contact the Service Desk so we can determine how best to connect your device to the network.
What about the eduroam CAT tool or the GetEduroam app?
The CAT tool and the GetEduroam app will no longer be available to use as of June 10. JoinNow must be used by Dartmouth users to connect to eduroam.
JoinNow gets stuck on the “Configuring…” screen
Only Safari, Firefox, Chrome, and Edge are supported. Other browsers have been known to be incompatible with the JoinNow process. Please set your system’s default browser to one that is supported and re-run the JoinNow software. You may set your default browser back once JoinNow has completed.
What are the Certificates that JoinNow installs?
d5de…cb7a Dartmouth College Network Services Root CA
Certificate used to identify the new eduroam authentication system
5fb7…dc25 DigiCert High Assurance EV Root CA
Certificate used to identify the existing eduroam authentication system
2efc…15c1 790be815…107db4
Certificate used to identify the Mist Wi-Fi system used on campus
How long is my certificate file good for? / When will the JoinNow certificate expire?
5 years. This length of time will cover most students’ time on campus as well as the useful life of any computer hardware. If you need to renew a certificate for your device, simply re-run the JoinNow software.
How many devices can I connect to eduroam?
As many as you want, though if you are planning to connect more than 10 devices (such as for lab equipment) we ask that you contact the Service Desk to determine the most appropriate solution.
I have a device that is shared with multiple users (such as a computer lab). How should I connect it to eduroam?
You should use a Departmental NetID or a Service Account to complete the JoinNow process. Never use your personal NetID to connect shared equipment or anyone else’s device to eduroam.
What is WPA3?
WPA3 is the current generation of “Wi-Fi Protected Access” - the software feature that encrypts Wi-Fi connections. Dartmouth is upgrading eduroam to support this standard in order to ensure the highest level of security as well as support the latest Wi-Fi protocols. See
this article on WPA3 for more information.
What is EAP-PEAP-MSCHAPv2?
EAP-PEAP-MSCHAPv2 (Extensible Authentication Protocol, Protected Extensible Authentication Protocol, Microsoft Challenge Handshake Authentication Protocol Version 2) is a way for a device to provide its (or its user's) identity to the network for the purposes of establishing a secure connection. This method uses a NetID and password combination to validate identity. The username and password are checked every time a device connects or reconnects to the network.
MSCHAPv2 was determined to have weaknesses in the technology which could be abused by a cyber attacker. Microsoft is recommending that use of this technology be discontinued and has begun to remove support for it in recent Windows updates. Other operating systems are expected to remove support for MSCHAPv2 in the future.
What is EAP-TLS?
EAP-TLS (Extensible Authentication Protocol, Transport Layer Security), is another way for a device to provide its (or its user's) identity to the network for the purposes of establishing a secure connection. This method uses a digital certificate - a special file that contains a complex sequence of encrypted data about the user's name and permission level. A digital certificate must be installed on each device that needs to connect to the network. The SecureW2 JoinNow software generates and installs this certificate. This certificate is presented to the network upon every connection (similar to waving your ID Card to unlock the door to a building). If the certificate is valid, access to the network is granted.