The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Stefan Winter <stefan.winter AT restena.lu>]

Hello,

> I am the administrator of iscte-iul IdP, together with 
> psimoes AT fccn.pt;
> 
> We have been trying to setup the EDUROAM CAT; given it the CA file,
> however when setting up the EAP profiles, it complaints it wasn't
> given any.
> 
> I am doing something wrong, or is just a bug?

First off, sorry for not replying earlier.

Then, I think I was able to open your attachment at one point, but today
it consistently crashes my JPG viewer. :-(

Do I remember correctly that your certificate had a blue circled "I"
besides it?

If so, then you uploaded an *Intermediate* CA certificate (or even the
server certificate itself; the current version doesn't distinguish
these), which is not enough to establish trust on the user device. You
need to upload the *root* CA certificate (which will have a blue circled
"R" besides it); and you can optionally upload the intermediates. If you
don't upload the intermediates, you'll need to send them during the EAP
conversation along with your RADIUS server certificate.

Note that this is not a CAT bug; CAT merely makes you aware of the fact
that your EAP properties as uploaded are insufficient for a secure
deployment. So, it's more like a feature than a bug :-)

Greetings,

Stefan Winter

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature