Mathematical Institute of the University of Bonn

WiFi SSID MI

Under the SSID MI you will find the MI's WLAN. The authentification for this does not use a combination of username and password but uses certificates instead, a solution based on asymmetric cryptography. Because this method is not very widespread yet, you may not be familiar with it.
If your certificate has bee issued based on a MI address, you have full access to the institute's printers in this net.

You can find instructions for the most common operating systems here:

• Microsoft Windows 7
• Microsoft Windows 8
• Microsoft Windows 10
• Linux mit NetworkManager
• Linux mit Wicd
• Linux mit wpa_supplicant
• Android 4.4
• Apple iOS/iPadOS
• Apple macOS Ventura 13.x

This list is, of course, incomplete. So, if you want to use our wireless with an OS or device not listed above, like a Smartphone or a Tablet PC, please call us for assistence. Or, if you like to, you may try for yourself along the following lines:

First, try to import the certificate that was sent to you by email. Double-click on the file or attachment cert.p12. If there's a program starting up called Certificate Import Assistant, Keychain Utility or the like, accept its defaults. If asked for a Certificate Password, enter WLAN unless told otherwise by email. If no program starts up, save the attachements.

Now activate your wireless and try to connect to a network (SSID) MI. You will probably be prompted for Authentification Details.

The encryption we use is generally called Enterprise WPA2 (in contrast to variants containing the phrase personal or PSK) while the authorization method in place will show up as EAP-TLS or simply TLS (the other choices may include PEAP, TTLS or submethods libe TTLS-CHAP). Leave Username and Password fields empty. If asked for a Certificate, there are to possible things you are really being asked for: If presented a (short) list of certificate names, look for the value given you as your Identity; if asked to choose a file or file name, select the cert.der file attached to the email. In this case, there ought to be another field asking for the certificate's private key: select the key.der file. If a similar third field asks for a CA Certificate, select the AAA_Certificate_Services.der file. If asked for an Identity, enter the value given by email.

Now, try to connect. A warning saying a certificate issued to a server like ems.math.uni-bonn.de is not trustworthy or has been issued by an unknown entity can be safely ignored. If asked to allow acces to some certificate, chose always allow or the like since this is exactly what you want to happen in order to authenticate.

In case you like it short, the above can put short: 802.11i/802.1x/EAP-TLS.