IT Services

• ITS home
• Help
• Services
• My IT account
• About

Questions and answers

2378

How can I resolve the duplicate certificate problem when trying to connect to a wired access connection or eduroam?

If you're a user of Windows Vista or Windows 7, you may be affected by a certificate problem which could prevent you from connecting to the networks at Sussex. If you have run through the instructions on the pink or green sheets, including going all of the way through the XpressConnect process but then find you are unable to get past the last stage (Validating your connection), it's possible that you are affected by this issue.

You can follow the procedure below to check and if so, to fix it. The process is quite technical and so if you're in any doubt, please contact our Service Desk in Shawcross for advice.

Diagnosing the problem

• From the Start menu, go to Control panel and choose Network and Internet
• Choose Network and Sharing center and then select Manage network connections or Change Adapter Settings from the list on the left-hand side
• Double-click on Local Area Connection to edit connection settings for a wired access connection

• Ensure that in the Network tab, all of the boxes except Internet Protocol Version 4 are unchecked
• next, click the Authentication tab and then the Settings button
• In the Trusted Root Certification Authorities window, scroll down until you see an entry for Thawte Premium Server CA

If you are affected by this issue, you will see two entries for Thawte Premium Server CA. The duplicate certificate will prevent you from connecting to ResNet.

Checking the certificate settings for wifi (eduroam)
The authentication settings for wifi are stored in a different location on Windows 7. To get to the same location:

• From the Start Menu, go to the Control Panel, then choose Network and Internet and then Network and Sharing centre
• Click on Manage wireless networks in the menu on the left
• Right-click on eduroam and choose Properties
• Click on the Security tab and then Settings
• You will then see the window showing the available certificates as shown above

Fixing the issue

• From the start menu, type certmgr.msc into the Search field
• In the Certificate Manager that opens, first maximise the window so you can see all of the details
• click on Trusted Root Certification Authorities and then Certificates
• Scroll down until you get to the certificates called Thawte Premium Server CA
• You will see that there are two certificates - double-click on the first to view the details of the certificate and click on the Details tab
• The Serial Number should be 36122296c5e338a520a1d25f4cd70954 but there is also an incorrect certificate with the serial number 01

• Check the second certificate as well to find the serial number and then delete the certificate with the incorrect serial number
• Now go back to the Network and Sharing Centre and click on Change Adapter settings (or Manage network connections)
• Double-click on Local Area Connection to edit connection settings for ResNet
• click the Authentication tab and then the Settings button
• if you're trying to fix the connection to wifi (eduroam), follow the procedure above to get to the same window
• In the Trusted Root Certification Authorities window, scroll down until you see the entry for Thawte Premium Server CA. There should now only be one entry - make sure it's ticked and then click OK to close the window
• Right-click on the appropriate connection (Local area connection for ResNet or Wireless connection for eduroam) and choose Disable
• Wait for a few seconds, then right-click again and choose Enable

This process will correct the problem and unless there is another issue, will enable you to connect to wifi (eduroam) and ResNet. If problems persist or you are unsure about following this procedure, please contact the IT Service Desk at Shawcross and we will help to fix the issue.

Downloadable version of these instructions (PDF)