cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Kari Klesh <Kari.Klesh AT ufv.ca>
- To: "'A.L.M.Buxey AT lboro.ac.uk'" <A.L.M.Buxey AT lboro.ac.uk>
- Cc: "'cat-users AT geant.net'" <cat-users AT geant.net>
- Subject: Re: [cat-users] Certificate Validation Issue
- Date: Fri, 25 Jul 2014 15:07:46 +0000
- Accept-language: en-GB, en-US
- List-archive: <http://mail.geant.net/pipermail/cat-users/>
- List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>
Appreciate your time and confirmation that we are on the right track. I have
no knowledge of the RADIUS config or changes that may have occurred recently,
hence the blind stab in the dark by contacting you.
I have since put out a request to our federation admin, for assistance. Thank
you very much for your reply.
Regards,
Kari
-----Original Message-----
From:
A.L.M.Buxey AT lboro.ac.uk
[mailto:A.L.M.Buxey AT lboro.ac.uk]
Sent: July-25-14 1:14 AM
To: Kari Klesh
Cc:
'cat-users AT geant.net'
Subject: Re: [cat-users] Certificate Validation Issue
Hi,
> "Found Error Schannel 36882
> The certificate received from the remote server was issued by an
> untrusted
> certificate authority. Because of this, none of the data contained in the
> certificate can be validated. The SSL connection request has failed. The
> attached data contains the server certificate."
sounds like your eduroamCAT profile doesnt have the correct CA (or complete
intermediate chain) that matches what your RADIUS server is handing out. has
there been a change of certs at the RADIUS end?
> I see there is a way to verify the radius setup that will also test our
> cert chain, but we don't have our admin's login to the portal.
> Assuming that this verifies what we suspect, the next issue is we do not
> have access to the Radius server to fix the certificate chain issue.
well, without admin access to either then nothing can be fixed...unless you
are asking for the main eduroamCAT adminstration team to play around with
your profile (I'm not sure they would be up for that - its quite easy to grab
the CA/intermediates via a request to your realm but theres no guarantee that
the RADIUS server is right (the eduroamCAT might have the correct profile but
theres been a mistake on your RADIUS server config)
I see your RADIUS cert as
/C=CA/ST=BC/O=UFV/CN=idp.ufv.ca/emailAddress=info AT ufv.ca
....and thats interesting as your CA (and intermediates if any) doesnt appear
to be handed out by the RADIUS server...thats
"C=CA, ST=BC, L=Abbotsford,
O=UFV/emailAddress=info AT ufv.ca,
CN=UFV SelfSigned CA Authority"
alan
- [cat-users] Certificate Validation Issue, Kari Klesh, 07/24/2014
- Re: [cat-users] Certificate Validation Issue, Stefan Winter, 07/25/2014
- Re: [cat-users] Certificate Validation Issue, A . L . M . Buxey, 07/25/2014
- Re: [cat-users] Certificate Validation Issue, Kari Klesh, 07/25/2014
Archive powered by MHonArc 2.6.19.