When you connect to a wireless network at a location other than your own institution, your user name and password are sent to your home institution. If you are recognized and approved, it is signalled to the visited institution and you are granted access to the internet.
The communication is encrypted to prevent others from seeing your password. Encryption is done using a so-called server certificate from the server at your institution.
If an IT criminal wants to intercept your communication, he may send a false certificate to your computer or smartphone. If this happens, you will be asked if you want to accept this certificate. Always answer no - even if the certificate has a name that appears trustworthy.
During installation, your device is set up to recognize the certificate from your home institution. If your device does not recognize the certificate, it is an indication that something is wrong.
If you are being asked to approve a certificate to eduroam, you must answer no. Otherwise, you risk that your communications may be intercepted. This enables unauthorized persons to read your e-mail and chat messages, view the pictures you take and grab your passwords.
Your home institution should provide an installer or installation guide to you. It usually happens via eduroam CAT. It is important that you use it, so that security is set up correctly.
Eduroam installation guide for users with account at DeiC: