Connect to CMU-SECURE

WHAT CAN I CONNECT? | SETUP AND CONNECT

CMU-SECURE is the preferred wireless network for students, faculty and staff. Use CMU-SECURE to connect your laptop or desktop computer, tablet or smartphone to secure wireless at CMU.

What can I connect?

Devices you can connect to CMU-SECURE include, but are not limited to: smartphones, laptop and desktop computers, Chromebooks, iPads, and other tablets.

Setup and Connect to CMU-SECURE

To connect, follow the appropriate steps for your device/operating system.

Chromebook

Once on campus, locate the wireless configuration settings.
Select CMU-SECURE from your Wi-Fi network list.
Click Connect.
When prompted, enter the following:
- Security: EAP
- EAP method: PEAP
- EAP Phase 2 authentication: MSCHAPv2
- Security CA certificate: Do not check
- Identity: your Andrew userID
- Password: your Andrew password

Laptop or Desktop Computer

Linux

Once on campus, locate your wireless configuration settings.
Select CMU-SECURE from your Wi-Fi network list.
Enter the following information (terminology may vary; your computer may not require all these settings):
- Wireless security: WPA2 Enterprise
- Authentication: Protected EAP (PEAP)
- CA certificate: USERTrust RSA Certification Authority (See step 3 for details.)
- PEAP Version: Automatic or Version 0
- Inner/Phase 2 authentication: MSCHAPv2
- Username: Andrew userID
- Password: Andrew password
Do one of the following:
- If prompted, verify and accept the CMU wireless certificate.
- If not prompted, manually download and install the certificate from the COMODO website.
- If checking the fingerprint of the COMODO certificate, you should match this fingerprint:
  SHA1: 2B:8F:1B:57:33:0D:BB:A2:D0:7A:6C:51:F7:0E:E9:0D:DA:B9:AD:8E

Mac

Once on campus, click the Apple menu (top-left) and click one of the following:
1. macOS Ventura - System Settings
2. macOS Monterey - System Preferences
Click Network, then click one of the following:
1. macOS Ventura - Wi-Fi and then click to enable the Wi-Fi slider
2. macOS Monterey - Turn Wi-Fi On
Select CMU-SECURE in the Network Name list.
If prompted, enter your Andrew userID and password, then click OK.
Click Show Certificate, then click verify and accept and click Continue.
Note: macOS Ventura users may review the certificate, but you are not prompted to verify and accept.

Windows

Once on campus, locate the wireless configuration settings on your computer.
Select CMU-SECURE from your Wi-Fi network list.
Click Connect.
If prompted, enter your Andrew userID and password, then click OK.
If prompted with a Security Alert, click Details.
Verify and accept.
Click Connect.

Still can't connect? Follow the manual connection steps.

Mobile

iOS

Once on campus, locate your wireless configuration settings.
Select CMU-SECURE from your Wi-Fi network list.
When prompted, enter the following:
Username: Andrew userID
Password: Andrew password
If prompted, verify and accept the CMU wireless certificate.

Android

Once on campus, locate your wireless configuration settings.
Find CMU-SECURE in your Wi-Fi list.
When prompted, enter the following:
- EAP method: PEAP
- Phase 2 authentication: MSCHAPV2
- CA certificate: Use System Certificate
- Domain: wireless.cmu.edu
- User certificate: Unspecified
- Identity: Andrew userID
- Password: Andrew password
- Note: If you see an Anonymous Identity field, you may leave it blank.
Do one of the following:
- If prompted, verify and accept the CMU wireless certificate.
  
  Note: You may not be able to select a CMU wireless certificate on some Android devices, but you will be connected to CMU-SECURE after you compete Steps 1-3.
- If not prompted:
  1. Turn off your wireless connection and manually download and install the certificate from the COMODO website using your provider's 4G/LTE service.
  2. Select either CA Certificate or the certificate you downloaded and installed when prompted for the certificate.
  3. Turn on your wireless connection, and select CMU-SECURE in your Wi-Fi list.
  4. Enter the information provided in Step 3.

Note: Terminology may vary across devices. Contact your vendor for terminology specific to your device.

Other Devices

Once on campus, locate your wireless configuration settings.
Select CMU-SECURE from your Wi-Fi network list.
When prompted, enter any of the following as required for your device:
- Wireless security: WPA2 Enterprise
- Authentication: Protected EAP (PEAP)
- CA certificate: USERTrust RSA Certification Authority or Unspecified
- Domain: wireless.cmu.edu
- User certificate: Unspecified
- Inner/Phase 2 authentication: MSCHAPv2
- Username/Identity: Andrew userID.
- Password: Andrew password.
- Note: If you see an Anonymous Identity field, you may leave it blank.
If prompted, verify and accept the CMU wireless certificate.

Terminology may vary across devices. Contact your vendor for terminology specific to your device.

Request a Public IP Address

Devices are registered with a private IP address. When connected to CMU-SECURE, your device is visible outside our network but cannot be scanned from the internet.

If you need a public IP address, please contact the Computing Services Help Center at it-help@cmu.edu or 412-268-4357 (HELP) if you have questions or need assistance.

Verify the Certificate

A certificate allows you to verify that a network is safe. If you are prompted to accept a certificate as you connect to CMU-SECURE, verify it against the following information.

Confirm that the certificate is issued by InCommon RSA Server CA
Verify the Thumbprint/Fingerprint. Note: you may need to scroll to the bottom of the certificate details to find this information.
- Server SHA-256 Thumbprint/Fingerprint for the wireless.cmu.edu certificate:
  4D:51:33:C7:08:13:30:BA:EE:70:32:05:35:C1:CD:24:13:23:3C:F9:2A:63:DF:DF:3F:B0:C8:C9:30:EE:9A:1E
- Server SHA-1 Thumbprint/Fingerprint for the wireless.cmu.edu certificate:
  90:70:E0:A7:B9:37:E8:B5:69:8B:7D:DD:15:CB:90:79:90:4E:A5:12

Computing Services

Office of the CIO