This page provides some further information about the changes to the ChemNet network service taking place in December 2021/January 2022.
What action do I need to take?
Our advice for most users is to first make your computer "forget" the existing ChemNet configuration. The exact steps for this will depend on your operating system, but the general steps for some common operating systems are:
- Windows 10: open the list of WiFi networks, right click ChemNet and then click Forget
- Apple macOS / iOS
- Linux (network manager): go to the WiFi settings, click the settings icon next to ChemNet and click Forget connection
- Android: choose Settings, then Wi-Fi (perhaps in the Network and Internet settings). Tap and hold the row for ChemNet, then tap Forget network
Then, follow our normal instructions for connecting to ChemNet.
When do I need to update my settings?
You can update your ChemNet configuration immediately - the new settings will work from December 13th 2021. If you do not make these changes by January 7th 2022, your computer might fail to connect to ChemNet after that date.
What should I do if I'm not able to visit the Department before January?
The change to ChemNet will not affect your ability to use other WiFi networks such as eduroam or UniOfCam. You can connect to one of those WiFi networks (see the UIS website for instructions if necessary) the next time you are in the Department and then return to this webpage and follow the instructions for updating your ChemNet settings.
What will happen if I don't make these changes?
The effect will vary depending on your operating system. Your computer might refuse to connect to the ChemNet network, or it might tell you that the WiFi connection is untrusted.
Why is this change needed?
The ChemNet network uses SSL certificates to allow your computer to confirm that it is connecting to a trusted network before sending your ChemNet token to the network for checking. This is the same technology used by your web browser to confirm that a website is trusted (when using HTTPS).
The University uses SSL certificates provided by the Jisc Certificate Service, and Jisc changed their certificate provider earlier in 2021. This means that your computer needs to be reconfigured to trust the certificates from the new provider.
Technical information
As noted above, this change is needed because the University's provider of SSL certificates has changed. Previously, certificates were signed by the QuoVadis Root CA 2 G3 certificate authority, with the following chain of trust:
- subject=C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 2 G3
- subject=C = BM, O = QuoVadis Limited, CN = QuoVadis Global SSL ICA G3
- subject=C = GB, ST = Cambridgeshire, L = Cambridge, O = University of Cambridge, CN = chemnet.ch.private.cam.ac.uk
Due to the change in provider, the chain of trust now uses the (Comodo) AAA Certificate Services certificate authority:
- subject=C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
- subject=C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
- subject=C = NL, O = GEANT Vereniging, CN = GEANT OV RSA CA 4
- subject=C = GB, L = Cambridge, O = University of Cambridge, OU = Department of Chemistry, CN = chemnet.ch.private.cam.ac.uk
In order to provide a transitional period, authentications using the @ch.2018.cam.ac.uk realm will continue to use the old chain of trust (signed by QuoVadis Global CA 2 G3) until the corresponding chemnet.ch.private.cam.ac.uk certificate expires on January 7. Authentications using the @ch.2021.cam.ac.uk realm will use the new chain of trust (signed by AAA Certificate Services). If you are confident you understand what this means, you can manually make the following changes to an existing ChemNet configuration:
- Trust connections signed by AAA Certificate Services (e.g. on Linux, this may be provided by /etc/ssl/certs/Comodo_AAA_Services_root.pem)
- Change your anonymous/outer identity from @ch.2018.cam.ac.uk to @ch.2021.cam.ac.uk
- Change your username/inner identity from CRSID@ch.2018.cam.ac.uk to CRSID@ch.2021.cam.ac.uk
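The three manual changes above, applied to a wpa_supplicant-style network block, as an added example that is not part of the original page or the Department's own tooling. It assumes your existing ChemNet settings live in such a block; the sample block, the CRSID abc123 and the old CA path are constructed, and the function name is hypothetical.

```python
import re

OLD_REALM = "@ch.2018.cam.ac.uk"
NEW_REALM = "@ch.2021.cam.ac.uk"
# Path quoted on this page for Linux; it may differ on your distribution.
NEW_CA = "/etc/ssl/certs/Comodo_AAA_Services_root.pem"
# wpa_supplicant options that pin the RADIUS server's certificate name.
NAME_CHECKS = {"domain_match", "domain_suffix_match", "subject_match", "altsubject_match"}
FIELD = re.compile(r"^(\s*)(\w+)=(.*)$")

def migrate_network_block(text, ca_path=NEW_CA):
    """Apply the three manual changes to one network block; return (text, notes)."""
    out, notes, seen = [], [], set()
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:                      # closing brace, comments, blank lines
            out.append(line)
            continue
        indent, key, value = m.groups()
        seen.add(key)
        if key in ("identity", "anonymous_identity") and OLD_REALM in value:
            value = value.replace(OLD_REALM, NEW_REALM)
            notes.append(f"{key}: realm changed to {NEW_REALM}")
        elif key == "ca_cert" and value.strip('"') != ca_path:
            value = f'"{ca_path}"'
            notes.append("ca_cert: now points at the AAA Certificate Services root")
        out.append(f"{indent}{key}={value}")
    if "ca_cert" not in seen:
        notes.append("WARNING: no ca_cert, so the server certificate is not verified")
    if not seen & NAME_CHECKS:
        notes.append("WARNING: no server name check; any certificate chaining "
                     "to the trusted root would be accepted")
    return "\n".join(out), notes

# Constructed sample: an old-style ChemNet block with a made-up CRSID.
SAMPLE = """network={
    ssid="ChemNet"
    key_mgmt=WPA-EAP
    anonymous_identity="@ch.2018.cam.ac.uk"
    identity="abc123@ch.2018.cam.ac.uk"
    ca_cert="/etc/ssl/certs/QuoVadis_Root_CA_2_G3.pem"
}"""

if __name__ == "__main__":
    new_text, notes = migrate_network_block(SAMPLE)
    print(new_text)
    print("\n".join(notes))
```

The second warning fires on the sample because the block trusts a CA but does not constrain the server name; the server certificate listed above has CN chemnet.ch.private.cam.ac.uk.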