Skip to Content.

cat-users - Re: [cat-users] Issues with IOS7

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive


Re: [cat-users] Issues with IOS7


Chronological Thread 
    < Chronological >      < Thread >
  • From: Stefan Winter <stefan.winter AT restena.lu>
  • To: Phillip Noret <P.Noret AT yorksj.ac.uk>
  • Cc: "'cat-users AT geant.net'" <cat-users AT geant.net>
  • Subject: Re: [cat-users] Issues with IOS7
  • Date: Fri, 27 Sep 2013 11:51:05 +0200
  • List-archive: <https://mail.geant.net/mailman/private/cat-users/>
  • List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>
  • Openpgp: id=8A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Hi Phillip,

> Unfortunately, he tool no longer works with Apple devices running iOS7.
> I can confirm the tools built with our configuration works with devices
> running iOS6.
>
> Although this may not be a problem with the configuration tools, I was
> emailing to see if any other institutions have experienced problems with
> Apple iOS 7 devices? If you can help, I am happy to send log files if
> required

Let me copy and paste from the last iteration of this question here on
the list a few hours ago:

"The profiles definition did not change between iOS 6 and iOS 7, and
many iOS 7 devices continue to work as before.

We have heard repeated reports that there appears to be one bug in iOS 7
which prevents things from working in one specific condition:

If your server certificate is not directly signed by a root CA, but by a
chain with intermediate CAs in between, then

* if the intermediate CA cert is sent in the EAP exchange, it gets
ignored (this is the bug)
* if the intermediate CA cert is among the CAs that are provisioned with
the profile, things work

This bug particularly hits TERENA TCS certificate customers, because
there is a chain to the root certificate at play here.

CAT can halp you overcome this - simply upload the intermediates along
with the root CA; CAT will then install the entire chain.

However, this is not a CAT problem, it's an iOS oddity. In particular,
it does not only affect institutions using CAT; if you create your own
profiles using the Apple Configurator tool you suffer from the same."

Greetings,

Stefan Winter

>
>
>
> Kind Regards
>
>
>
> Phillip Noret
>
> Systems Specialist
>
> Information Learning Services
>
> York St John University
>
>
>
> e:
> _p.noret AT yorksj.ac.uk
>
> <mailto:p.noret AT yorksj.ac.uk>_
>
> w: w3.yorksj.ac.uk <http://w3.yorksj.ac.uk/>
>
>
>
>
>
>
>
> /This email and any files transmitted with it were intended solely for
> the addressee. If you have received this email in error please let the
> sender know by return./
>
> /Please think before you print./
>


--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature


Archive powered by MHonArc 2.6.19.

Top of Page