The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Claudio Chacon <claudio.chacon AT cedia.org.ec>]

Testing with manually configuration the problem continues, now I changed my certificates to use SHA256, 4096 bit and CRL but the problem with windows 8.1 continues.

This is the public certificate referenced into eap.conf

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=EC, ST=Azuay, L=Cuenca, O=CEDIA, OU=Consorcio Ecuatoriano para el Desarrollo de Internet Avanzado, CN=ca.eduroam.ec/emailAddress=neg AT cedia.org.ec
        Validity
            Not Before: Dec 12 16:13:53 2014 GMT
            Not After : Dec 11 16:13:53 2019 GMT
        Subject: C=EC, ST=Azuay, L=Cuenca, O=CEDIA, OU=Consorcio Ecuatoriano para el Desarrollo de Internet Avanzado, CN=radius.eduroam.cedia.org.ec/emailAddress=neg AT cedia.org.ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (4096 bit)
                Modulus (4096 bit):
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Cert Type:
                SSL Server
            Netscape Comment:
                TinyCA Generated Certificate
            X509v3 Subject Key Identifier:
                F8:E1:5D:C8:7C:BA:CA:DF:B0:8C:31:DA:D0:BB:42:74:3E:C3:E8:BA
            X509v3 Authority Key Identifier:
                keyid:5E:BE:44:BC:E2:6A:9D:C7:8C:38:45:50:CD:72:98:2C:5F:5C:FE:33
                DirName:/C=EC/ST=Azuay/L=Cuenca/O=CEDIA/OU=Consorcio Ecuatoriano para el Desarrollo de Internet Avanzado/CN=ca.eduroam.ec/emailAddress=neg AT cedia.org.ec
                serial:D4:37:71:16:C6:A8:0A:7A

            X509v3 Issuer Alternative Name:
                email:neg AT cedia.org.ec
            X509v3 CRL Distribution Points:
                URI:http://www.eduroam.ec/ca_eduroam.crl
            X509v3 Subject Alternative Name:
                email:neg AT cedia.org.ec
            X509v3 Extended Key Usage:
                1.3.6.1.5.5.7.3.14
    Signature Algorithm: sha256WithRSAEncryption
Modulus=B932C365B252C6D7FA71CDE0860C6B0D9BAB00E2F5318ED5A3CC234D3D8E79B6D16E71B2C989ACFD78FEC2E0036234D89843DDC2F99B88AB283FFDC4DE4621F89EC70754E3E5CDE234A37054A8AB1D0B54577094B43FAAC5128E2A6E1382ED6E3B9B660FDD930161F092C41E3AE2D8069740A8D19659877B7B225D657531D2704BD91EDDAC379EA3B195FFDDF51F822D6FA8AF0D08B3BC22D8763DC5EB533234AA4E74A5DA498835D8DA0BC5E9A6800795309D1091864F7FD832ECD40ABFD9CCB35E7BFB1DD39242AE2B425D3C6F1A341A34F9632588E3B200687A7BD20B1C0F5E7093DCFF9AC23336C3565B607DD0CB66762E5D4B931979C42BDF64AE152EF28CC4CB655BFAE4FD825AA02A88AA91B43A04DE4E7EB2DF50ABAF2D1F46B1176CB1D080CD3CD454C4577DD0973AE9BDD586AF3DEC0D009E87678A9AE1F4CDE82A9BA0EBFF1D48A0999D409976B29B2EAB75292B8738A38DB4B8C2D08C982A0E1B249489BD82E4EE05FF7E0210A4E89F07983F03B8DE8F9FC38ECA31278994D3C727F2CF5205FC2D2AA634147E3D1358731664B092B87E8FD8AE36FF33B6607A5BBE145C1170838F7EEBD2B883766C390C7BD2296E7B3408A1E1DDC6C7D0CB2BB7D2A21510F80D83D1541FAA1F8EDD2B04EDD1E1414E34FA52F0BE14CECF794AB75FBAC78CDE4397D615E0634CEFA2643 6C91918E4D7FA83B1C33B71E11B760CB5


Any idea what else I need to configure on the certificate ?

regards

Claudio

On 25/11/14 02:36, Alan Buxey wrote:

Do your certificates work on win8.1 when the client is manually configured correctly (ie with certificate checking, CN defined, CA checked etc)? as that is what eduroam CAT profile does (if this isn't an installer issue). eg the required windows extensions ate present in the cert, the cert matches recent OS requirements SHA256, 2048 bit, has CRLDP defined for the CA etc

alan


Email secured by Check Point