cat-users - Re: [cat-users] Existing root certificate generates warning

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

  • From: Stefan Winter <stefan.winter AT restena.lu>
  • To: cat-users AT geant.net
  • Subject: Re: [cat-users] Existing root certificate generates warning
  • Date: Mon, 03 Sep 2012 10:00:14 +0200
  • List-archive: <http://mail.geant.net/mailman/private/cat-users>
  • List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>

Hi,

> One of our client sites is trying to avoid their users being prompted/warned
> unnecessarily during a profile install, where possible. Their SSL certificate
> root CA is "AddTrust External CA Root", which already exists on (all?) Windows
> 7 devices of their users. During the install Win7 generates a prompt, asking if
> the existing root CA of that name should be overwritten.
>
> Would it be possible to have CAT allow them to download an installer, the
> Windows 7 installer in this case but perhaps others too, without the root
> certificate bundled with it, so that this prompt could be avoided?
>
> Of course, the assumption here is that their root certificate already exists
> amongst the list of well-known CA's in all (standard) Windows 7 clients - is it
> safe to make that assumption on the basis of exploring just a few standard
> installs of Windows 7?

Thanks for this... we've heard that a couple of times now. This is
really Tomasz's domain of work, but as he's busy the next few days,
here's what I (think I) remember:

Tomasz implemented a sanity check in the beta1 code that would examine
the system before launching the actual install.

One of the checks was whether the CA cert is already present in the
system (or user? or both?) store, and if so skip the installation of the
CA cert.

I believe this would fix the issue you mention. It does not require two
different installers BTW, it's a scripted action in the default one.

You can test this on the new beta1 release - which I hope we can finish
and deploy later this week.

Greetings,

Stefan Winter

--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

Attachment: signature.asc
Description: OpenPGP digital signature
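
One way to write the pre-install check described in the message above, as an added example that is not CAT's installer code and not part of the original post. The function name `Find-RootCaStore` and the default `$CaFile` path are hypothetical; the check looks in both the machine and the user Root store and compares by thumbprint rather than by the CA's name.

```powershell
# Added example: a hypothetical pre-install check, not the CAT installer's code.
# $CaFile is an assumed path to the CA certificate shipped with the profile.
param([string]$CaFile = '.\profile-root-ca.cer')

$X509 = 'System.Security.Cryptography.X509Certificates'

function Find-RootCaStore {
    # Returns the store location that already holds $Cert, or $null.
    param($Cert, [string[]]$Locations = @('LocalMachine', 'CurrentUser'))
    foreach ($location in $Locations) {
        $store = New-Object "$X509.X509Store" -ArgumentList 'Root', $location
        $store.Open('ReadOnly')
        try {
            # Match on the thumbprint (hash of the whole certificate), so a
            # different certificate with the same subject name does not count.
            $hits = $store.Certificates.Find('FindByThumbprint', $Cert.Thumbprint, $false)
            if ($hits.Count -gt 0) { return $location }
        } finally {
            $store.Close()
        }
    }
    return $null
}

$cert = New-Object "$X509.X509Certificate2" -ArgumentList (Resolve-Path $CaFile).Path
$found = Find-RootCaStore -Cert $cert

if ($found) {
    Write-Output "Root CA $($cert.Thumbprint) already in $found\Root, skipping CA install"
} else {
    # Not present in either store: add it to the current user's Root store.
    $store = New-Object "$X509.X509Store" -ArgumentList 'Root', 'CurrentUser'
    $store.Open('ReadWrite')
    try { $store.Add($cert) } finally { $store.Close() }
    Write-Output "Root CA $($cert.Thumbprint) added to CurrentUser\Root"
}
```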



