Table of Contents
Overview
What is the certificate‑based Wi‑Fi project?
It is a multi‑year initiative to introduce EAP‑TLS certificate authentication for TAMU Wi‑Fi. Instead of logging in with a NetID and password each time, users and devices will authenticate using long‑lived digital certificates—improving security, reliability, and future network segmentation.
Why are we moving away from NetID password authentication?
- NetID password authentication is insecure and is being phased out by several operating systems.
- Certificates provide much stronger protection, reduce credential exposure, and enable future network improvements.
Will this change break existing Wi‑Fi access?
No. MSCHAPv2 will continue to work for now.
The new certificate option will run in parallel while TAMU tests, gathers feedback, and gradually transitions usage over time.
Technical Setup & Configuration
How do I connect to TAMU_WiFi?
To ensure your security, the Texas A&M University network utilizes a secure authentication mechanism known as WPA2-Enterprise and 802.1X. This security mechanism protects your username and password. In a wireless environment, your data is also protected by network encryption. To utilize this secure network, your network connection requires specific settings.
To automatically configure your device for TAMU_WiFi, go to:
https://cloud.securew2.com/public/05075/TAMU_WiFi/
Step-by-step instructions:
After you are configured for TAMU_WiFi, any time you are in range of a TAMU_VISITOR access point, you will automatically connect to TAMU_WiFi.
Account & Access Management
How do I get an account for TAMU_WiFi?
To connect to TAMU_WiFi, you need an active NetID and password. This secure network is available to all Texas A&M University students, faculty, staff, guests, retirees, and professors emeriti with a valid NetID.
If you do not have a Texas A&M NetID or are not affiliated with the University, you can connect to the network using the TAMU_VISITOR Guest profile.
For detailed instructions tailored to your device or operating system, refer to the links below:
I'm a contractor/adjunct faculty - am I eligible for a certificate?
The secure network is available to all Texas A&M University students, faculty, staff, guests, retirees, and professors emeriti with a valid NetID.
If you do not have a Texas A&M NetID or are not affiliated with the University, you can connect to the network using the TAMU_VISITOR Guest profile.
How long is a certificate good for?
The certificates are set to last 5 years.
My certificate expired - how do I renew it?
If your certificate expires or becomes corrupted, you may renew it by completing the onboarding process
What happens to my certificate when I graduate/leave the university?
Certificate lifecycle tied to institutional affiliation.
Security & Privacy
Is my internet activity monitored through this certificate?
Privacy policies and network monitoring capabilities.
What personal information is stored in the certificate?
Data minimization and certificate attribute policies.
Can I opt out and use a different authentication method?
Alternative access methods and their security implications.
Will this affect Eduroam?
Not initially. Eduroam is out of scope for the early rollout.
However, Eduroam will eventually adopt certificate authentication because it suffers from the same MSCHAPv2 limitations.
Will Eduroam become a separate network segment?
No. Eduroam is simply an entry point.
After authentication, devices are placed into the correct segment based on:
- originating institution
- device type (managed vs. BYOD)
How will revoking network access work in the future?
Network access can be revoked by expiring or disabling a certificate—without resetting a user’s NetID password.
This avoids the disruptions that password resets cause.
Support & Resources
Why use TAMU_WiFi?
- TAMU_WiFi utilizes a secure authentication mechanism known as WPA2-Enterprise and 802.1X which keeps your username and password safe when logging in.
- TAMU_WiFi protects your data that is sent over the wireless network. Even when using non SSL or https connections.
- The TAMU_WiFi supplicant stores your username and password, so any time you are within range of a TAMU_VISITOR access point, you will automatically connect to TAMU_WiFi, bypassing the login page.*