Our advice for most users is to first make your computer "forget" the existing ChemNet configuration. The exact steps for this will depend on your operating system, but the general steps for some common operating systems are:

• Windows 10/11: open the list of WiFi networks, right click ChemNet and then click Forget
• Apple macOS / iOS
• Linux (network manager): go to the WiFi settings, click the settings icon next to ChemNet and click Forget connection
• Android: choose Settings, then Wi-Fi (perhaps in the Network and Internet settings). Tap and hold the row for ChemNet, then tap Forget network

Then, follow our normal instructions for connecting to ChemNet.

You can update your ChemNet configuration immediately - the new settings will work from May 29th 2025. If you do not make these changes by July 4th 2025 your computer might fail to connect to ChemNet after that date.

The change to ChemNet will not affect your ability to use other WiFi network such as eduroam or UniOfCam-Guest. You can connect to one of those WiFi networks (see the UIS website for instructions if necessary) the next time you are in the Department and then return to this webpage and follow the instructions for updating your ChemNet settings.

The effect will vary depending on your operating system. Your computer might refuse to connect to the ChemNet network, or it might tell you that the WiFi connection is untrusted.

The ChemNet network uses SSL certificates to allow your computer to confirm that it is connecting to a trusted network before sending your ChemNet token to the network for checking. This is the same technology used by your web browser to confirm that a website is trusted (when using HTTPS).

The University uses SSL certificates provided by the Jisc Certificate Service , and Jisc changed their certificate provider in early 2025. This means that your computer needs to be reconfigured to trust the certificates from the new provider.

As noted aboved, the reason for this change is due to a change in the University's provider of SSL certificates. Previously, certificates were signed by the Comodo AAA Certificate Services certificate authority, with the following chain of trust:

• subject=C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
• subject=C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
• subject=C = NL, O = GEANT Vereniging, CN = GEANT OV RSA CA 4
• subject=C = GB, L = Cambridge, O = University of Cambridge, OU = Department of Chemistry, CN = chemnet.ch.private.cam.ac.uk

Due to the change in provider, the chain of trust now uses the DigiCert Global Root G2 certificate authority:

• subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
• subject=C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1
• subject=C = GB, L = Cambridge, O = University of Cambridge, CN = chemnet.ch.private.cam.ac.uk

In order to provide a transitional period, authentications using the @ch.2021.cam.ac.uk realm will continue to use the old chain of trust (signed by AAA Certificate Services) until the corresponding chemnet.ch.private.cam.ac.uk certificate expires on July 4. Authentications using the @ch.2025.cam.ac.uk realm will use the new chain of trust (signed by DigiCert Global Root G2). If you are confident you understand what this means, you can manually make the following changes to an existing ChemNet configuration:

• Trust connections signed by DigiCert Global Root G2 (e.g. on Linux, this may be provided by /etc/ssl/certs/DigiCert_Global_Root_G2.pem)
• Change your anonymous/outer identity from @ch.2021.cam.ac.uk to @ch.2025.cam.ac.uk
• Change your username/inner identity from CRSID@ch.2021.cam.ac.uk to CRSID@ch.2025.cam.ac.uk