The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[José Manuel Macías <jmanuel.macias AT rediris.es>]

Hi Alex,

El 22/10/13 16:56, Alex Sharaz escribió:
> Could you give us some info on the bug in iOS 7?

This was discussed in the list one month ago or so... if things haven't
changed in this time (ie: if Apple did not fixed it) and I'm not
mistaken, this message by Stefan is a very good summary:

8<...
"The profiles definition did not change between iOS 6 and iOS 7, and
many iOS 7 devices continue to work as before.

We have heard repeated reports that there appears to be one bug in iOS 7
which prevents things from working in one specific condition:

If your server certificate is not directly signed by a root CA, but by a
chain with intermediate CAs in between, then

* if the intermediate CA cert is sent in the EAP exchange, it gets
ignored (this is the bug)
* if the intermediate CA cert is among the CAs that are provisioned with
the profile, things work

This bug particularly hits TERENA TCS certificate customers, because
there is a chain to the root certificate at play here.

CAT can halp you overcome this - simply upload the intermediates along
with the root CA; CAT will then install the entire chain.

However, this is not a CAT problem, it's an iOS oddity. In particular,
it does not only affect institutions using CAT; if you create your own
profiles using the Apple Configurator tool you suffer from the same."
...>8

Greetings,

Jose Manuel.