Email
Main Content

Android 11 settings (manual)

Installing the CA root certificate on Android 11

For secure authentication in the networks of Philipps-Universität Marburg, you need the CA root certificate of the German Research Network (DFN).

  • Make sure that your Android device has an active Internet connection. Use either a private WLAN or the mobile network for this. Note that additional costs may arise for mobile connections.
  • Start Google Chrome or some other web browser.
  • Long-tap the link https://pki.pca.dfn.de/dfn-ca-global-g2/pub/cacert/rootcert.crt in the browser.
    a context menu opens. Select Download link.
  • Switch to the start screen and select
    Settings (cogwheel icon)
    → WLAN
    → WLAN settings
    → Advanced
    → Install certificates
    → Hamburger menu (3 horizontal lines)
    → Downloads
  • As an alternative to the above steps, you can also place the certificate in the downloads folder in another way, e.g. by manually copying it from a USB stick connected via USB-OTG.
  • Open the rootcert.crt file from the Downloads folder.
  • In the Name Certificate dialog, select a certificate name, e.g. cert-uni.
  • If you had previously set a lock screen that was not trusted for using certificates, you will be prompted to set a lock screen for your device that is trusted for using certificates. For example, for some manufacturers, unlocking with "Pattern", "Swipe", "Motion", "Face", "Voice", or "Fingerprint" is considered untrusted. In this case, select one of the remaining trusted lock screens, e.g. often "PIN" or "Password". Please note that switching to a non-trusted lock screen later will delete your WLAN and certificate settings.
  • The Set Password dialog may appear, where you have to set a password for the Android OS login information store.

Installation with the Android barcode scanner (if you are not viewing the instructions on your Android device).

  • Make sure that your Android device has an active Internet connection. Use either a private WLAN or the mobile network for this. Note that costs may be incurred for mobile phone connections.
  • Select Menu → Barcode Scanner. If the barcode scanner (ZXing) is missing, you can install it via Menu → Market or Menu → Play.
  • Scan the barcode shown on the right, which contains the link to the CA certificate of the German Research Network (DFN).
  • Once the barcode has been recognized by your Android device, select Open Browser. Please make sure you are using the Android browser (commonly referred to as "browser"), Chrome, or Opera. For example, importing with Firefox will not work here.
  • In the Name Certificate dialog, select a certificate name, e.g. cert-uni. In the Use credentials menu, select Wi-Fi or WLAN. Then confirm the dialog.
  • If you had  set a lock screen not trusted for use with certificates previously, you will be prompted to set a lock screen for your device that is trusted for use with certificates. For example, for some manufacturers, unlocking with "Pattern", "Swipe", "Motion", "Face", "Voice", or "Fingerprint" is considered untrusted. In this case, select one of the remaining trusted lock screens, e.g. often "PIN" or "Password". Please note that switching to a non-trusted lock screen later will delete your WLAN and certificate settings.
  • The Set Password dialog may appear, where you have to set a password for the Android OS login information store.

Settings for the WLAN networks eduroam and UMRnet_staff

  1. If supported by your device, select Menu→ Settings → Privacy or Menu→ Settings → Back up and reset and disable Back up my data. This prevents your personal credentials from being stored on Google's servers.
  2. Choose Menu → Settings → Wireless and networks.
  3. In the Wireless and networks dialog, activate WLAN (also: WiFi). Then select WLAN settings / Wi-Fi settings depending on the model.
  4. All accessible WLAN networks are displayed in the WLAN settings dialog.
    If you are in the eduroam or UMRnet_staff eduroam reception range, the corresponding networks are displayed.
    Select UMRnet_staff or eduroam from the list of WLAN networks.
    The Set Password dialog may appear, in which you have to set a password for the Android OS login information store.
  5. In the Connect to Network dialog, make the following settings; make sure that NO SPACE is added to the Identity and Domain entries:
    EAP method: PEAP, for Samsung devices: TTLS.
    Phase 2 authentication: MSCHAPv2, for Samsung devices: PAP
    Client certificate: N/A
    Identity: Your username (short form is sufficient)
    Password: Your personal password
    Important: Depending on the device, you can find the settings for "CA certificate" and "Anonymous identity" either directly in the existing dialog or by clicking "Show advanced options" and then scrolling down to the advanced options.
    CA certificate: The certificate you have already installed, e.g. cert-uni
    Domain: radius.students.uni-marburg.de or radius.staff.uni-marburg.de (technically, this is the server name/SubjectAltName contained in the certificate)
    Anonymous identity: eduroam@students.uni-marburg.de or eduroam@staff.uni-marburg.de, respectively
  6. Confirm the entries by tapping Connect. You should now be connected to the WLAN and be able to use Internet services.