IT Services

Certificate update

There was a significant change to the Sussex networks during the Easter vacation.

The security certificate used by our authentication system was due to expire and we replaced it on Thursday 22 March 2012.

For most devices, no action is needed. You will be able to connect to the wi-fi and ResNet as usual. However, some Windows PCs may be unable to connect after the certificate change. If you have problems connecting your own laptop to wi-fi or ResNet the next time you're on campus following the update, use the instructions on this page to get back online.

Users of iPhones and other iOS devices may also notice a problem after turning their devices off and on (see below) but apart from that, this issue does not affect mobile devices, Mac laptops or staff or student computers in cluster rooms and offices.

one-page PDF with instructions

Download our one-page guide (PDF) to getting back online and keep it handy in case you have a problem connecting after the update.

Using XpressConnect

You can get back online quickly using XpressConnect:

the setup link on the support page and the XpressConnect button
  • on wi-fi, first connect to the sussex.ac.uk-wifi-setup network
  • on ResNet, plug in the network cable
  • open a web browser and you should be directed automatically to the Sussex network support page - click on the GO button for Member of the Universisty
  • login with your IT username and password
  • click on the setup link at the top of the page and then the XpressConnect button
  • follow the on-screen instructions to complete XpressConnect and update your settings
  • you will need to do this process for both wi-fi and ResNet but you should then be able to connect as normal

Making the change manually

the network icon in the taskbar tick Thawte Primary Root CA

If you have trouble with XpressConnect, or if you prefer to make the changes manually, follow the instructions below.

For wi-fi:

  • click on the network icon in the task bar and choose Open Network and Sharing Center
  • click on Manage wireless networks, then click eduroam once to highlight it
  • right-click and choose properties
  • click on Security and then Settings
  • in the Trusted Root Certification Authorities, scroll down and tick thawte Primary Root CA

For ResNet:

  • click on the network icon in the task bar and choose Open Network and Sharing Center
  • click on Change adapter settings
  • right-click on Local Area Connection and choose properties
  • click on Authentication and then Settings
  • in the Trusted Root Certification Authorities, scroll down and tick thawte Primary Root CA

iPhone/iPad/iPod

You might find that your iPhone or other iOS device does not connect automatically to the campus wi-fi (eduroam) after you have turned it off.

You can fix this easily as follows:

  • connect to sussex.ac.uk-wifi-setup and open Safari
  • tap on the GO button for Member of the University and login with your username and password
  • tap on Setup at the top of the page and then the XpressConnect button

Follow the instructions to run through the XpressConnect process and it will update your device with the new certificate.

More details about the change

Like most eduroam services, the authentication system for wi-fi and ResNet at Sussex uses a security certificate to protect your username and password when you connect. Every time it connects, your computer checks that the network's certificate is valid before it provides your login details. These security certificates are usually only valid for a few years before they have to be renewed. The Sussex network certificate was due to expire during the Easter vacation and so we replaced it on 22 March.

Most devices will be able to recognise the new certificate without you having to make any changes. Mobile devices such as iPads or Android phones will continue to connect as normal. Windows XP, Mac or Linux computers will also connect using the new certificate. However, some computers using Windows 7 or Windows Vista will be unable to connect after the update until they have been specifically instructed to trust the new certificate. This is due to the way that certificates are checked in later editions of Windows and unfortunately the disruption for some users is unavoidable.

However, we have done everything possible to limit the impact and if you are affected by the issue, you can be back online in a few minutes by following the instructions on this page.

Updated on 20 April 2012