cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Stefan Winter <stefan.winter AT restena.lu>
- To: cat-users AT geant.net
- Subject: Re: [cat-users] Certificate Validation Issue
- Date: Fri, 25 Jul 2014 08:03:24 +0200
- List-archive: <http://mail.geant.net/pipermail/cat-users/>
- List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>
- Openpgp: id=8A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Hi,
I've replied to this request off-list. For the benefit of those who
might find themselves in a similar situation:
The best way is to contact your eduroam National Roaming Operator. As a
federation admin, he has some extended powers over his national CAT
entries. He can either send you an invite if he's sure about your
identity and authorisation, so that you can subsequently change entries
as needed; or he can use the "take control" button to become an IdP
admin himself. He could then run those realm checks to verify if/what is
wrong.
Greetings,
Stefan Winter
On 25.07.2014 00:26, Kari Klesh wrote:
> Hello,
>
>
>
> In the absence of our Institution’s eduroam CAT admin, we are seeking
> assistance with a recent issue.
>
> Shane Schlosser is our admin at the University of the Fraser Valley and
> is off enjoying summer with his family. Sure enough, new Windows device
> users are now reporting certificate validation issues when using the CAT
> tool. Specifically:
>
> “Found Error Schannel 36882
> The certificate received from the remote server was issued by an
> untrusted certificate authority. Because of this, none of the data
> contained in the certificate can be validated. The SSL connection
> request has failed. The attached data contains the server certificate."
>
>
>
> We are aware that they can use the network by not validating the
> certificate, but we want to re-establish security as soon as possible.
> Waiting 3 weeks for the return of our admin seems too long.
>
>
>
> I see there is a way to verify the radius setup that will also test our
> cert chain, but we don’t have our admin’s login to the portal.
>
> https://wiki.terena.org/display/H2eduroam/A+guide+to+eduroam+CAT+for+institution+administrators#AguidetoeduroamCATforinstitutionadministrators-VerifyingmyRADIUSsetup
>
> and
>
> https://wiki.terena.org/display/H2eduroam/A+guide+to+eduroam+CAT+for+institution+administrators#AguidetoeduroamCATforinstitutionadministrators-Step2:HowtologintoeduroamCAT?
>
>
>
> Assuming that this verifies what we suspect, the next issue is we do not
> have access to the Radius server to fix the certificate chain issue.
>
> If I am making any sense at all I would appreciate any advice you have
> for proceeding with out our CAT admin.
>
>
>
> Please and thank you,
>
> Kari
>
>
>
> *Kari Klesh | Analyst, IT Systems*
>
> *Information Technology Services | University of the Fraser Valley*
>
> Kari.Klesh AT ufv.ca
>
> <mailto:Kari.Klesh AT ufv.ca>
> | 604-557-4003
>
> _http://ehelpdesk.ufv.ca <http://ehelpdesk.ufv.ca/>_| _http://www.ufv.ca
> <http://www.ufv.ca/>_
>
>
>
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Attachment:
0x8A39DC66.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature
- [cat-users] Certificate Validation Issue, Kari Klesh, 07/24/2014
- Re: [cat-users] Certificate Validation Issue, Stefan Winter, 07/25/2014
- Re: [cat-users] Certificate Validation Issue, A . L . M . Buxey, 07/25/2014
- Re: [cat-users] Certificate Validation Issue, Kari Klesh, 07/25/2014
Archive powered by MHonArc 2.6.19.