cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Tomasz Wolniewicz <twoln AT umk.pl>
- To: Jacques ROGNIN <rognin AT essec.edu>
- Cc: cat-users AT geant.net
- Subject: Re: [cat-users] CAT 1.1 Issues
- Date: Thu, 28 May 2015 15:42:53 +0200
- List-archive: <http://mail.geant.net/pipermail/cat-users/>
- List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>
Hi Jacques,
W dniu 2015-05-28 o 15:18, Jacques ROGNIN pisze:
> You are right Thomasz !
> A reload changes the look ::
> ...... but doesn't fix my problem :-/
The warning returned states, as you probably realise yourself, that your
server does not add an intermediate CAs to the EAP exchange.
The intermediate CAs are loaded into the CAT profile so the validation
is possible but this setup may be a potential problem for your users,
for instance for those who configure their devices manually. To make a
secure configuration they just need to point to the Symantec root CA and
input the names of your servers, however when they connect to your
server it will not be possible to verify its certificate since the
certification chain will not be complete.
Since you have all intermediates in CAT profiles, installations done
with CAT installers should work properly as they install the
intermediate CAs, but looking form the point of view of RADIUS setup,
the current configuration at least requires a warning.
>From the CAT side all is fine, the problem you are left with is how to
push the CAs into the FreeRADIUS configuration, therefore you should
look up help from FreeRADIUS experts. Many of them are also on this list
so perhaps someone will suggest a solution.
Cheers
Tomasz
--
Tomasz Wolniewicz
twoln AT umk.pl
http://www.home.umk.pl/~twoln
Uczelniane Centrum Informatyczne Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University,
pl. Rapackiego 1, Torun pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750 fax: +48-56-622-1850 tel kom.: +48-693-032-576
- [cat-users] CAT 1.1 Issues, Jacques ROGNIN, 05/27/2015
- Re: [cat-users] CAT 1.1 Issues, Stefan Winter, 05/27/2015
- Re: [cat-users] CAT 1.1 Issues, Stefan Winter, 05/27/2015
- Re: [cat-users] CAT 1.1 Issues, Jacques ROGNIN, 05/28/2015
- Re: [cat-users] CAT 1.1 Issues, Tomasz Wolniewicz, 05/28/2015
- Re: [cat-users] CAT 1.1 Issues, Jacques ROGNIN, 05/28/2015
- Re: [cat-users] CAT 1.1 Issues, Tomasz Wolniewicz, 05/28/2015
- Re: [cat-users] CAT 1.1 Issues, Jacques ROGNIN, 05/28/2015
- Re: [cat-users] CAT 1.1 Issues, Tomasz Wolniewicz, 05/28/2015
- Re: [cat-users] CAT 1.1 Issues, Jacques ROGNIN, 05/28/2015
- Re: [cat-users] CAT 1.1 Issues, Tomasz Wolniewicz, 05/28/2015
- Re: [cat-users] CAT 1.1 Issues, Jacques ROGNIN, 05/28/2015
- Re: [cat-users] CAT 1.1 Issues, Stefan Winter, 05/29/2015
- Re: [cat-users] CAT 1.1 Issues, Jacques ROGNIN, 05/28/2015
- Re: [cat-users] CAT 1.1 Issues, Tomasz Wolniewicz, 05/28/2015
- Re: [cat-users] CAT 1.1 Issues, Jacques ROGNIN, 05/28/2015
- Re: [cat-users] CAT 1.1 Issues, Tomasz Wolniewicz, 05/28/2015
- Re: [cat-users] CAT 1.1 Issues, Jacques ROGNIN, 05/28/2015
Archive powered by MHonArc 2.6.19.