Connect to CMU-SECURE
WHAT CAN I CONNECT? | SETUP AND CONNECT
CMU-SECURE is the preferred wireless network for students, faculty and staff. Use CMU-SECURE to connect your laptop or desktop computer, tablet or smartphone to secure wireless at CMU.
What can I connect?
Devices you can connect to CMU-SECURE include, but are not limited to: smartphones, laptop and desktop computers, Chromebooks, iPads, and other tablets.
Setup and Connect to CMU-SECURE
To connect, follow the appropriate steps for your device/operating system.
Chromebook
- Once on campus, locate the wireless configuration settings.
- Select CMU-SECURE from your Wi-Fi network list.
- Click Connect.
- When prompted, enter the following:
- Security: EAP
- EAP method: PEAP
- EAP Phase 2 authentication: MSCHAPv2
- Security CA certificate: Do not check
- Identity: Your Andrew userID
- Password: Your Andrew password
Laptop or Desktop Computer
Linux
- Once on campus, locate your wireless configuration settings.
- Select CMU-SECURE from your Wi-Fi network list.
- Enter the following information (terminology may vary; your computer may not require all these settings):
- Wireless security: WPA2 Enterprise
- Authentication: Protected EAP (PEAP)
- Domain: wireless.cmu.edu
- CA certificate: USERTrust RSA Certification Authority (See step 4 for details.)
- PEAP Version: Automatic or Version 0
- Inner/Phase 2 authentication: MSCHAPv2
- Username: You Andrew userID
Note: If your Andrew userID alone doesn't work, try:Andrew\Your Andrew userID - Password: Your Andrew password
- Do one of the following:
- If prompted, verify and accept the CMU wireless certificate.
- If you are not prompted, manually download and install the certificate from the COMODO website onto a portable drive, or connect to a hotspot on your phone to download and install it.
- If checking the fingerprint of the COMODO certificate, you should match this fingerprint:
SHA1: 2B:8F:1B:57:33:0D:BB:A2:D0:7A:6C:51:F7:0E:E9:0D:DA:B9:AD:8E
Mac
- Once on campus, click the Apple menu (top-left) and click System Settings.
- Click Network, then click Wi-Fi.
- Click to enable the Wi-Fi slider if it isn't already enabled.
- Locate CMU-SECURE in the Network Name list and click Connect.
- If prompted, enter your Andrew userID and password, then click OK.
- (Optional) Click Show Certificate to review and verify the certificate.
Windows
- Once on campus, locate the wireless configuration settings on your computer.
- Select CMU-SECURE from your Wi-Fi network list.
- Click Connect.
- If prompted, enter your Andrew userID and password, then click OK.
- If prompted with a Security Alert, click Details.
- Verify and accept.
- Click Connect.
Still can't connect? Follow the manual connection steps.
Mobile
iOS
- Once on campus, locate your wireless configuration settings.
- Select CMU-SECURE from your Wi-Fi network list.
- When prompted, enter the following:
Username: Your Andrew userID
Password: Your Andrew password - If prompted, verify and accept the CMU wireless certificate.
Android
- Once on campus, locate your wireless configuration settings.
- Find CMU-SECURE in your Wi-Fi list.
- When prompted, enter the following:
- EAP method: PEAP
- Phase 2 authentication: MSCHAPV2
- CA certificate: Use System Certificate
- Domain: wireless.cmu.edu
- User certificate: Unspecified
- Identity: Your Andrew userID
- Password: Your Andrew password
- Notes: If you see an Anonymous Identity field, you may leave it blank. On some phones you may need to select TLS: 1.0
- Do one of the following:
-
If prompted, verify and accept the CMU wireless certificate.
Note: You may not be able to select a CMU wireless certificate on some Android devices, but you will be connected to CMU-SECURE after you compete Steps 1-3.
- If not prompted:
- Turn off your wireless connection and manually download and install the certificate from the COMODO website using your provider's 4G/LTE service.
- Select either CA Certificate or the certificate you downloaded and installed when prompted for the certificate.
- Turn on your wireless connection, and select CMU-SECURE in your Wi-Fi list.
- Enter the information provided in Step 3.
-
Note: Terminology may vary across devices. Contact your vendor for terminology specific to your device.
Other Devices
- Once on campus, locate your wireless configuration settings.
- Select CMU-SECURE from your Wi-Fi network list.
- Enter your Andrew userID and password and authenticate with DUO if prompted.
- If prompted, enter any of the following as required for your device:
- Wireless security: WPA2 Enterprise
- Authentication: Protected EAP (PEAP)
- CA certificate: USERTrust RSA Certification Authority or Unspecified
- Domain: wireless.cmu.edu
- User certificate: Unspecified
- Inner/Phase 2 authentication: MSCHAPv2
- Note: If you see an Anonymous Identity field, you may leave it blank.
- If prompted, verify and accept the CMU wireless certificate.
Terminology may vary across devices. Contact your vendor for terminology specific to your device.
Verify the Certificate
A certificate allows you to verify that a network is safe. If you are prompted to accept a certificate as you connect to CMU-SECURE, verify it against the following information.
- Confirm that the certificate is issued by InCommon RSA Server CA
- Verify the Thumbprint/Fingerprint. Note: you may need to scroll to the bottom of the certificate details to find this information.
- Server SHA-256 Thumbprint/Fingerprint for the wireless.cmu.edu certificate:
15:E3:28:27:C7:EB:25:45:D7:C4:97:92:73:DB:25:78:7E:2A:D3:58:6C:94:31:FC:CC:BB:BB:B1:6A:40:70:3E Server SHA-1 Thumbprint/Fingerprint for the wireless.cmu.edu certificate:C7:71:6E:de:B3:FE:76:1F:28:71:20:F2:DE:6F:60:52:F0:91:E4:5C
- Server SHA-256 Thumbprint/Fingerprint for the wireless.cmu.edu certificate:
- Once verified, select the affirmative action to connect (e.g. “Continue,” “Connect,” “Trust,” etc., depending on your device).
Depending on your device you may also need to Forget this Network and then rejoin to pick up the new certificate.