The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Tomasz Wolniewicz <twoln AT umk.pl>]

Hi,
  I have experimented a bit (using EAPlab, of course) with configuring
EAP-TLS on Apple devices, and came up with something that looks like a
bug on iOS.

   It is possible to download a .p12 file containing a user certificate,
which will be installed as an untrusted profile (both iOS and OS X).
Next I install a CAT profile in which I have included two root CAs - one
for my server and the other for the user certificate which was loaded
before. Since this profile is properly signed, my user certificate
automatically becomes trusted. Also this step is identical on both systems.

Next I select my wireless network and connect. Under OS X Iget a pop-up,
where I need to select EAP-TLS (which is silly as my profile already
specified that) and then select the proper certificate form the key
ring. Connection goes smoothly. Under iOS, when I try to connect a
username/password pops up, no EAP-TLS possibility here, the funny thing
is that even if you fill the fields with some values, the "Continue"
button does not become active. It looks as if the system knew that
username and password are of no use, but someone forgot to prompt for
the certificate.

Perhaps it makes sense to report this to Apple, they might fix that and
then we could have a reasonable TLS support in CAT for all Apple systems.

Tomasz


-- 
Tomasz Wolniewicz    
  
twoln AT umk.pl
     http://www.umk.pl/~twoln

Uczelniane Centrum Informatyczne   Information&Communication
                                      Technology Centre
Uniwersytet Mikolaja Kopernika     Nicolaus Copernicus University,
pl. Rapackiego 1, Torun               pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750  fax: +48-56-622-1850 tel kom.: +48-693-032-576