diff --git a/docs/network.md b/docs/network.md
index 9362e03647cb0be59bf61ae50cd4c2fa6be25f52..d1d51fafa93f21b153eb1aa5bd72d602e2441310 100644
--- a/docs/network.md
+++ b/docs/network.md
@@ -48,6 +48,7 @@ You might think: "WTF!? Do I need to register a user and password blah, blah". F
 Users which use MSCHAPv2 (like Windows users with default 802.1X supplicant) should use a fixed username and password. You can use "camp/camp" or "guest/guest" as "username/password". 
 
 ### Client Settings
+Also see [here](network_dot1x_settings.md) for a list of OS-specific client settings.
 
 ```
 SSID: Camp2023
@@ -67,6 +68,9 @@ CA = ISRG Root X1
 
 SHA256 Fingerprint = 6C:5E:71:4F:1E:AD:3A:D5:FE:1A:F6:F3:67:17:FD:63:13:2F:CA:9C:51:36:92:5E:1B:3A:D2:DF:5F:A8:D2:D7
 ```
+Make sure you check the certificate in order to know you are connecting to the correct network (you should check on both the CN and the CA). Check [here](network_dot1x_certificate.md) for the complete certificate.
+
+
 
 ### Services VLANs
 
diff --git a/docs/network_dot1x_certificate.md b/docs/network_dot1x_certificate.md
new file mode 100644
index 0000000000000000000000000000000000000000..e97f921d7ebdb85273b1166d02c4dfb5d77412e6
--- /dev/null
+++ b/docs/network_dot1x_certificate.md
@@ -0,0 +1,30 @@
+```
+-----BEGIN CERTIFICATE-----
+MIIE7TCCA9WgAwIBAgISBFrF3j7yS0TtKla1OxCf/70iMA0GCSqGSIb3DQEBCwUA
+MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
+EwJSMzAeFw0yMzA3MTkxODUwNDdaFw0yMzEwMTcxODUwNDZaMBsxGTAXBgNVBAMT
+EHJhZGl1cy5jM25vYy5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCng274703Bm8pL5rqu2Em2fHHspCSeXPVarG+RIqVGtTWua+4w495RBrRkvfrT
+dj0oRNywRuLikSRGOneJy2EdjCz23NyKdu5eOZ9FjmQj3EP7ZwmabI+8j4Keme5I
+9u0ooq4DX29FB+HT3zhDth9qPrrupkYXW7fRdcbqiX24h6JWy41qQt8mjNczwTLx
+An9Um6IXYhZE2OXErsEVJJPXmVioXwZsyKzkfpCRQzxm5OK3nxYNbnJh/YmzIjBM
+xMKFig1PoyWj9TJ7fImj0SzsUi1YU0WHqqq7Ay1F7RzPnMe41n39XDIi46jmsN6W
+jN+p9Qa1ZQLXdPUwSQ22lPeBAgMBAAGjggISMIICDjAOBgNVHQ8BAf8EBAMCBaAw
+HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD
+VR0OBBYEFPR6lGqppt9ifRfR82M/31q+qoqIMB8GA1UdIwQYMBaAFBQusxe3WFbL
+rlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDov
+L3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5v
+cmcvMBsGA1UdEQQUMBKCEHJhZGl1cy5jM25vYy5uZXQwEwYDVR0gBAwwCjAIBgZn
+gQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgC3Pvsk35xNunXyOcW6WPRs
+XfxCz3qfNcSeHQmBJe20mQAAAYlvtIEUAAAEAwBHMEUCIHeErfT3XA+cF+BqBALM
+qfMBQoI65KvOAf4SbJWaWie+AiEA8nS+tlyu54MKThWI0iRkS8Cep/sd77CNAvmA
+nUpQKs8AdgB6MoxU2LcttiDqOOBSHumEFnAyE4VNO9IrwTpXo1LrUgAAAYlvtIEr
+AAAEAwBHMEUCIQDhLx7Iv/UWKAFJPDgGS+y0kG3b209CMrSYjNZXMj3mFgIgM0uL
+8V2y76urGRCMZIHRlUNvXEhP6eFW88J11z3zMb8wDQYJKoZIhvcNAQELBQADggEB
+ALZfw3CdzjXP8MfipaXxakYbzBmLAJUpDMn157KQ/cFT6GBXfBvGOXHW5DhyQH+p
+IGzP/Bk2is65hvt6VoLBZY2rVUezgLhBVXU2Hqhn/HxGv4OopUvTocgI4SBQiF9Q
+yS4U4G21EOeWsTlaUIAToJGeK1+IpYCnGQYksvjVJvjLuU5hROhNu/wlTnjoOu4H
+VD44jkyaybNyVbj6bF2O5p/slBuyIaN8z04PEpBns0jhFjCs14VHdT6CdgMbjZyM
+Q0zhbpgsoPPN2UUR2/wvQWjbwUEwLraNhtyJDPRmRudyfIZdb/ehcPDDupGJ2miA
+/N3ophE1YE2sBVQ1C7BMgCg=
+-----END CERTIFICATE-----```
diff --git a/docs/network_dot1x_settings.md b/docs/network_dot1x_settings.md
new file mode 100644
index 0000000000000000000000000000000000000000..1d2802d7a16bcd6485d8c3a653af345438aac3e5
--- /dev/null
+++ b/docs/network_dot1x_settings.md
@@ -0,0 +1,213 @@
+## Android 
+### App 
+You can use our Android App to configure the correct WiFi settings on your Android device. Download it here:
+
+* From Google Playstore: https://play.google.com/store/apps/details?id=nl.eventinfra.wifisetup
+* Source-code: https://github.com/EventInfra/wifisetup
+* APK download: https://eventinfra.org/Camp2023/app-release.apk
+
+### Manually
+If you don't want to use the app, download the [ISRG Root X1](https://letsencrypt.org/certs/isrgrootx1.pem), and [install it](https://support.google.com/pixelphone/answer/2844832) into your device's **Wi-Fi certificate** store, giving it any name you like. Then connect to the **Camp2023** network using the following information:
+
+* EAP method: TTLS *(not TLS)*
+* CA certificate: *(whatever name you gave the ISRG Root X1)*
+* Domain: radius.c3noc.net
+* Identity: camp
+* Password: camp
+
+It's fine to leave **Online Certificate status** as "Do not validate", and leave the **Anonymous identity** blank.
+
+## Linux, etc. 
+### Network Manager 
+You can use the following config file:
+
+Please note that some versions of NM are buggy and will only work with 802.1X using MSCHAPv2, or not at all. If that affects you, it may be easiest to use wpa_supplicant.
+
+/etc/NetworkManager/system-connections/Camp2023:
+
+Hint: chmod 600 this file to make the connection work.
+
+```
+[connection]
+id=Camp2023
+uuid=c80101e2-7b99-4511-846b-2388eb86a5ad
+type=wifi
+permissions=
+secondaries=
+
+[wifi]
+mac-address=42:23:42:23:42:23 <- !! Please change this !!
+mac-address-blacklist=
+mode=infrastructure
+seen-bssids=
+ssid=Camp2023
+
+[wifi-security]
+auth-alg=open
+group=
+key-mgmt=wpa-eap
+pairwise=
+proto=
+
+[802-1x]
+altsubject-matches=DNS:radius.c3noc.net
+ca-cert=/etc/ssl/certs/ISRG_Root_X1.pem
+eap=ttls;
+identity=camp
+password=camp
+phase2-altsubject-matches=
+phase2-auth=pap
+
+[ipv4]
+dns-search=
+method=auto
+
+[ipv6]
+dns-search=
+method=auto
+```
+
+### WiCD 
+You need an additional crypto setting for WiCD. Put this file into /etc/wicd/encryption/templates/eap-ttls (debian systems, might be different with other *nix flavours):
+
+```
+ name = EAP-TTLS Camp2023
+ author = Felicitus
+ require identity *Identity password *password
+ -----
+ ctrl_interface=/var/run/wpa_supplicant
+ network={
+  ssid="Camp2023"
+  scan_ssid=$_SCAN
+  identity="camp"
+  password="camp"
+  proto=WPA2
+  key_mgmt=WPA-EAP
+  group=CCMP
+  pairwise=CCMP
+  eap=TTLS
+  ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem"
+  altsubject_match="DNS:radius.c3noc.net"
+  anonymous_identity="$_ANONYMOUS_IDENTITY"
+  phase2="auth=PAP"
+  #priority=2
+ }
+```
+Edit /etc/wicd/encryption/templates/active to include the eap-ttls config template. Restart the WiCD daemon, choose the proper encryption (EAP-TTLS Camp2023) and enter a random username/password.
+
+### Jolla/connman 
+/var/lib/connman/Camp2023wifi.config :
+
+```
+ [service_Camp2023]
+ Type=wifi
+ Name=Camp2023-legacy
+ EAP=ttls
+ Phase2=PAP
+ Identity=camp
+ Passphrase=camp
+```
+
+
+### wpa_supplicant
+This is the default option on Raspberry Pi OS.  Edit /etc/wpa_supplicant/wpa_supplicant.conf and add the network:
+
+```
+ network={
+ 	ssid="Camp2023"
+ 	key_mgmt=WPA-EAP
+ 	eap=TTLS
+ 	identity="camp"
+ 	password="camp"
+ 	# ca path on debian 7.x and raspberry pi OS, modify accordingly
+ 	ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem"
+ 	altsubject_match="DNS:radius.c3noc.net"
+ 	phase2="auth=PAP"
+ }
+```
+
+### Interfaces
+As an alternative, you can specify the wpa_supplicant config options directly in /etc/network/interfaces:
+
+```
+ iface wlan0 inet dhcp
+ 	wpa-ssid Camp2023
+ 	wpa-identity camp
+ 	wpa-password camp
+ 	wpa-proto WPA2
+ 	wpa-key_mgmt WPA-EAP
+ 	wpa-group CCMP
+ 	wpa-pairwise CCMP
+ 	wpa-eap TTLS
+ 	wpa-phase2 "auth=PAP"
+ 	wpa-ca_cert "/etc/ssl/certs/ISRG_Root_X1.pem"
+ 	wpa-altsubject_match DNS:radius.c3noc.net
+```
+
+### Netctl
+
+```
+Description='Camp2023 secure WPA2 802.1X config'
+Interface=wls1
+Connection=wireless
+Security=wpa-configsection
+IP=dhcp
+ESSID=Camp2023
+WPAConfigSection=(
+    'ssid="Camp2023"'
+    'proto=RSN WPA'
+    'key_mgmt=WPA-EAP'
+    'eap=TTLS'
+    'identity="camp"'
+    'password="camp"'
+    'ca_cert="/etc/ssl/certs/ISRG_Root_X1.pem"'
+    'altsubject_match="DNS:radius.c3noc.net"'
+    'phase2="auth=PAP"'
+)
+```
+
+### IWD
+```
+[Security]
+EAP-Method=PEAP
+EAP-Identity=anonymous@Camp2023
+EAP-PEAP-CACert=/etc/ssl/certs/ISRG_Root_X1.pem
+EAP-PEAP-ServerDomainMask=radius.c3noc.net
+EAP-PEAP-Phase2-Method=MSCHAPV2
+EAP-PEAP-Phase2-Identity=camp
+EAP-PEAP-Phase2-Password=camp
+
+[Settings]
+AutoConnect=true
+```
+### NixOS
+
+```
+networking.wireless.networks."Camp2023".auth = ''
+  key_mgmt=WPA-EAP
+  eap=TTLS
+  identity="camp"
+  password="camp"
+  ca_cert="${builtins.fetchurl {
+    url = "https://letsencrypt.org/certs/isrgrootx1.pem";
+    sha256 = "sha256:1la36n2f31j9s03v847ig6ny9lr875q3g7smnq33dcsmf2i5gd92";
+  }}"
+  altsubject_match="DNS:radius.c3noc.net"
+  phase2="auth=PAP"
+'';
+```
+
+## Apple MacOS/iOS
+You can use one of these profiles for the correct WiFi-settings for Apple MacOS / iOS:
+
+* [Camp2023](https://eventinfra.org/Camp2023/Camp2023.mobileconfig) (2.4GHz+5GHz, Camp user)
+
+## Windows 
+Import one of these profiles for the correct WiFi-settings for Windows:
+
+* [Camp2023](https://eventinfra.org/Camp2023/Camp2023.xml) (2.4GHz+5GHz)
+
+To import and connect follow these steps:
+
+* Open a command prompt and execute: netsh wlan add profile filename=Camp2023.xml
+* Connect to the Camp2023 network; use "camp/camp" as the username/password when prompted. Alternatively, use "outboundonly/outboundonly" as the username/password to enable inbound traffic firewalling.