Install eduroam for iwd using Arch's DigiCertCA (utu.fi)

eduroam-iwd.sh

#!/bin/sh
echo "This tool will install eduroam for iwd. It will overwrite /var/lib/iwd/eduroam.8021x"

echo -n "Enter eduroam username (with domain): "
read user
echo -n "Enter eduroam password: "
read -s pass

echo
echo "Using sudo to write /var/lib/iwd/eduroam.8021x..."

echo "[Security]
EAP-Method=PEAP
EAP-Identity=$user
EAP-PEAP-CACert=/etc/ssl/certs/DigiCert_High_Assurance_EV_Root_CA.pem
EAP-PEAP-Phase2-Method=MSCHAPV2
EAP-PEAP-Phase2-Identity=${user}
EAP-PEAP-Phase2-Password=${pass}
" | sudo tee /var/lib/iwd/eduroam.8021x 1>/dev/null && echo "OK"

The correct certificate authority file can be extracted from the end of the python installation file downloadable from https://cat.eduroam.org/
I noticed utu.fi cert file (DigiCert CA) is already installed on my system, so I used that directly for EAP-PEAP-CACert.