Connect to CMU-SECURE

WHAT CAN I CONNECT? | SETUP AND CONNECT

CMU-SECURE is the preferred wireless network for students, faculty and staff. Use CMU-SECURE to connect your laptop or desktop computer, tablet or smartphone to secure wireless at CMU.

What can I connect?

Devices you can connect to CMU-SECURE include, but are not limited to: smartphones, laptop and desktop computers, Chromebooks, iPads, and other tablets.

Setup and Connect to CMU-SECURE

To connect, follow the appropriate steps for your device/operating system.

Chromebook

Once on campus, locate the wireless configuration settings.
Select CMU-SECURE from your Wi-Fi network list.
Click Connect.
When prompted, enter the following:
- Security: EAP
- EAP method: PEAP
- EAP Phase 2 authentication: MSCHAPv2
- Security CA certificate: Do not check
- Identity: Your Andrew userID
- Password: Your Andrew password

Laptop or Desktop Computer

Linux

Once on campus, locate your wireless configuration settings.
Select CMU-SECURE from your Wi-Fi network list.
Enter the following information (terminology may vary; your computer may not require all these settings):
- Wireless security: WPA2 Enterprise
- Authentication: Protected EAP (PEAP)
- CA certificate: USERTrust RSA Certification Authority (See step 3 for details.)
- PEAP Version: Automatic or Version 0
- Inner/Phase 2 authentication: MSCHAPv2
- Username: You Andrew userID
  Note: If your Andrew userID alone doesn't work, try:
  Andrew\Your Andrew userID
- Password: Your Andrew password
Do one of the following:
- If prompted, verify and accept the CMU wireless certificate.
- If not prompted, manually download and install the certificate from the COMODO website.
- If checking the fingerprint of the COMODO certificate, you should match this fingerprint:
  SHA1: 2B:8F:1B:57:33:0D:BB:A2:D0:7A:6C:51:F7:0E:E9:0D:DA:B9:AD:8E

Mac

Once on campus, click the Apple menu (top-left) and click System Settings.
Click Network, then click Wi-Fi.
Click to enable the Wi-Fi slider if it isn't already enabled.
Locate CMU-SECURE in the Network Name list and click Connect.
If prompted, enter your Andrew userID and password, then click OK.
(Optional) Click Show Certificate to review and verify the certificate.

Windows

Once on campus, locate the wireless configuration settings on your computer.
Select CMU-SECURE from your Wi-Fi network list.
Click Connect.
If prompted, enter your Andrew userID and password, then click OK.
If prompted with a Security Alert, click Details.
Verify and accept.
Click Connect.

Still can't connect? Follow the manual connection steps.

Mobile

iOS

Once on campus, locate your wireless configuration settings.
Select CMU-SECURE from your Wi-Fi network list.
When prompted, enter the following:
Username: Your Andrew userID
Password: Your Andrew password
If prompted, verify and accept the CMU wireless certificate.

Android

Once on campus, locate your wireless configuration settings.
Find CMU-SECURE in your Wi-Fi list.
When prompted, enter the following:
- EAP method: PEAP
- Phase 2 authentication: MSCHAPV2
- CA certificate: Use System Certificate
- Domain: wireless.cmu.edu
- User certificate: Unspecified
- Identity: Your Andrew userID
- Password: Your Andrew password
- Note: If you see an Anonymous Identity field, you may leave it blank.
Do one of the following:
- If prompted, verify and accept the CMU wireless certificate.
  
  Note: You may not be able to select a CMU wireless certificate on some Android devices, but you will be connected to CMU-SECURE after you compete Steps 1-3.
- If not prompted:
  1. Turn off your wireless connection and manually download and install the certificate from the COMODO website using your provider's 4G/LTE service.
  2. Select either CA Certificate or the certificate you downloaded and installed when prompted for the certificate.
  3. Turn on your wireless connection, and select CMU-SECURE in your Wi-Fi list.
  4. Enter the information provided in Step 3.

Note: Terminology may vary across devices. Contact your vendor for terminology specific to your device.

Other Devices

Once on campus, locate your wireless configuration settings.
Select CMU-SECURE from your Wi-Fi network list.
Enter your Andrew userID and password and authenticate with DUO if prompted.
If prompted, enter any of the following as required for your device:
- Wireless security: WPA2 Enterprise
- Authentication: Protected EAP (PEAP)
- CA certificate: USERTrust RSA Certification Authority or Unspecified
- Domain: wireless.cmu.edu
- User certificate: Unspecified
- Inner/Phase 2 authentication: MSCHAPv2
- Note: If you see an Anonymous Identity field, you may leave it blank.
If prompted, verify and accept the CMU wireless certificate.

Terminology may vary across devices. Contact your vendor for terminology specific to your device.

Request a Public IP Address

Devices are registered with a private IP address. When connected to CMU-SECURE, your device is visible outside our network but cannot be scanned from the internet.

If you need a public IP address, please contact the Computing Services Help Center at it-help@cmu.edu or 412-268-4357 (HELP) if you have questions or need assistance.

Verify the Certificate

A certificate allows you to verify that a network is safe. If you are prompted to accept a certificate as you connect to CMU-SECURE, verify it against the following information.

Confirm that the certificate is issued by InCommon RSA Server CA
Verify the Thumbprint/Fingerprint. Note: you may need to scroll to the bottom of the certificate details to find this information.
- Server SHA-256 Thumbprint/Fingerprint for the wireless.cmu.edu certificate:
  A1:2E:F3:BE:FB:7D:54:45:66:DB:2C:7E:07:BB:02:4B:F8:07:94:3A:49:E9:BD:14:11:99:EB:7F:33:4B:AE:2C
- Server SHA-1 Thumbprint/Fingerprint for the wireless.cmu.edu certificate:
  31:2E:A5:8A:6F:6D:32:97:75:4B:51:88:9D:D4:09:ED:A0:9D:59:34

Computing Services

Office of the CIO