cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Stefan Winter <stefan.winter AT restena.lu>
- To: fran AT ugr.es, josu.gil AT ehu.es
- Cc: cat-users AT geant.net
- Subject: Re: [cat-users] CAT and iOS 7 profile
- Date: Thu, 03 Oct 2013 10:41:04 +0200
- List-archive: <https://mail.geant.net/mailman/private/cat-users/>
- List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>
- Openpgp: id=8A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Hi,
> Well, in our CAT progile we have the Root CA at IdP level configuration
> (EAP global config), and we've added the rest of chain certs at profile
> level configuration (profile EAP options).
> I don't know if order matters, because in any case, our modified
> installers doesn't have any cert selected (root or intermediate).
>
> Thanks for your information.
Ah, that's the problem. This is not a bug in the software.
When you set up a CA on the IdP level, it will be used for all your
profiles UNLESS you override the CA list inside a profile itself. In
that case, only the more specific profile-level CAs are installed. (i.e.
your profile-level settings mask the IdP wide ones)
In your case, these profile-level CAs are only intermediates, and no
root. Consequently, no root CA gets activated.
You should either add the intermediates IdP-wide, or add the root CA
also on the profile level.
Greetings,
Stefan Winter
>
> Greetings.
>
> El 03/10/2013 8:44, Josu Gil Arriortua escribió:
>>
>> Hi all,
>>
>>
>> I don't know it this is general or only occurs in our CAT profile.
>> We've just follow the option of include all chain certificates
>> (TERENA certs) in CAT profile.
>> With this, our iOS 7 users can connect to eduroam, but after that,
>> we have a side effect with windows installers.
>> In windows 8 the root CA authority is installed but is not selected.
>> In the same way, when using the W7,WXP installers (securew2) the CA
>> box is empty.
>> Before we made this change, all was ok.
>>
>> Anybody has the same symptom?
>>
>>
>> We have no problem here in the UPV/EHU, maybe the order of the
>> certificates matters? We have first root then the intermediates.
>>
>>
>> Greetings,
>>
>> Josu Gil
>> UPV/EHU
>
>
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Attachment:
0x8A39DC66.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature
- [cat-users] CAT and iOS 7 profile, Francisco J. Medina Jiménez, 10/02/2013
- Re: [cat-users] CAT and iOS 7 profile, Tomasz Wolniewicz, 10/02/2013
- Re: [cat-users] CAT and iOS 7 profile, Josu Gil Arriortua, 10/03/2013
- Re: [cat-users] CAT and iOS 7 profile, Francisco J. Medina Jiménez, 10/03/2013
- Re: [cat-users] CAT and iOS 7 profile, Tomasz Wolniewicz, 10/03/2013
- Re: [cat-users] CAT and iOS 7 profile, Stefan Winter, 10/03/2013
- Re: [cat-users] CAT and iOS 7 profile, Francisco J. Medina Jiménez, 10/03/2013
- Re: [cat-users] CAT and iOS 7 profile, José Manuel Macías, 10/03/2013
- Re: [cat-users] CAT and iOS 7 profile, Stefan Winter, 10/03/2013
- Re: [cat-users] CAT and iOS 7 profile, Francisco J. Medina Jiménez, 10/03/2013
Archive powered by MHonArc 2.6.19.