Skip to Content.

cat-users - Re: [cat-users] EDUROAM CAT misbehaviour?

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive


Re: [cat-users] EDUROAM CAT misbehaviour?


Chronological Thread 
    < Chronological >      < Thread >
  • From: Rui Ribeiro <Rui.Ribeiro AT iscte.pt>
  • To: Stefan Winter <stefan.winter AT restena.lu>
  • Cc: cat-users AT geant.net, Pedro Simões <psimoes AT fccn.pt>
  • Subject: Re: [cat-users] EDUROAM CAT misbehaviour?
  • Date: Thu, 26 Sep 2013 09:16:43 +0100
  • List-archive: <https://mail.geant.net/mailman/private/cat-users/>
  • List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>
Good morning,

Thanks, we had already an early clue from Rory pointing in that
direction, and then also didn´t reply while working on the subject. We
fixed the certificate problem, and manage to produce the setup. We
hare having some problems with iOS, that we are trying to fix, and we
believe is also tried to certificate handling too.

Thanks for the all the support.

Best regards,
Rui

On 26/09/2013, Stefan Winter
<stefan.winter AT restena.lu>
wrote:
> Hello,
>
>> I am the administrator of iscte-iul IdP, together with
>> psimoes AT fccn.pt;
>>
>> We have been trying to setup the EDUROAM CAT; given it the CA file,
>> however when setting up the EAP profiles, it complaints it wasn't
>> given any.
>>
>> I am doing something wrong, or is just a bug?
>
> First off, sorry for not replying earlier.
>
> Then, I think I was able to open your attachment at one point, but today
> it consistently crashes my JPG viewer. :-(
>
> Do I remember correctly that your certificate had a blue circled "I"
> besides it?
>
> If so, then you uploaded an *Intermediate* CA certificate (or even the
> server certificate itself; the current version doesn't distinguish
> these), which is not enough to establish trust on the user device. You
> need to upload the *root* CA certificate (which will have a blue circled
> "R" besides it); and you can optionally upload the intermediates. If you
> don't upload the intermediates, you'll need to send them during the EAP
> conversation along with your RADIUS server certificate.
>
> Note that this is not a CAT bug; CAT merely makes you aware of the fact
> that your EAP properties as uploaded are insufficient for a secure
> deployment. So, it's more like a feature than a bug :-)
>
> Greetings,
>
> Stefan Winter
>
> --
> Stefan WINTER
> Ingenieur de Recherche
> Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
> de la Recherche
> 6, rue Richard Coudenhove-Kalergi
> L-1359 Luxembourg
>
> Tel: +352 424409 1
> Fax: +352 422473
>
> PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
> recipient's key is known to me
>
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
>



Archive powered by MHonArc 2.6.19.

Top of Page