The university networks uses the Telesec GlobalRoot Class 2 - certificate since 01. October 2018
So far the university network used Deutsche Telekom Root CA 2, which expires on 09. Juli 2019.
The replacement for the Deutsche Telekom Root CA 2 certificate is the T-Telesec GlobalRoot Class 2 certificate, which is expires on 09. Oktober 2033.
The current wifi profiles already use the T-Telesec GlobalRoot Class 2 certificate and are available on the serviceportal under the following link:
Why do we need a certificate?
A network verifies username and password of a user through a radius-server.
To prevent sending this data to untrustworthy authentification servers, the client verifies the trustworthiness of the radius-server by means of the certificate.