cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

Re: [cat-users] iphone problem

From: Stefan Winter <stefan.winter AT restena.lu>
To: "Angel, Judy" <admyet4 AT herts.ac.uk>
Cc: "cat-users AT geant.net" <cat-users AT geant.net>, Mailcon2 <e.4.test AT herts.ac.uk>
Subject: Re: [cat-users] iphone problem
Date: Wed, 19 Jun 2013 10:06:36 +0200
List-archive: <https://mail.geant.net/mailman/private/cat-users/>
List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>

Hi,

> Problem resolved once the radius server certificate was the Terena
> certificate, matching the one uploaded to cat, which was generated on a
> solaris box by default now SHA-1.
> Thank you very much for all your assistance. The tool is going to make
> eduroam world a better place and will enable rollout to the whole campus.
> Much appreciated.

Further to this, I have worked on eduroam CAT's "trunk" code which will
eventually become 1.1. During the reachability checks, it can now
inspect the server cert much more thoroughly. The list of error
conditions now reported about are:

CERTPROB_ROOT_INCLUDED
CERTPROB_TOO_MANY_SERVER_CERTS
CERTPROB_NO_SERVER_CERT
CERTPROB_MD5_SIGNATURE_SERVER
CERTPROB_MD5_SIGNATURE_INTERMEDIATE
CERTPROB_NO_TLS_WEBSERVER_OID
CERTPROB_NO_CDP_URL
CERTPROB_NO_CRL_AT_CDP_URL

and will be complemented later by the check whether the server cert
actually matches the root cert that was uploaded to CAT.

Greetings,

Stefan Winter

Attachment: signature.asc
Description: OpenPGP digital signature

Re: [cat-users] iphone problem, (continued)