Skip to Content.

cat-users - [cat-users] Realm connectivity test - unable to verify certificate

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive


[cat-users] Realm connectivity test - unable to verify certificate


Chronological Thread 
    < Chronological >      < Thread >
  • From: Deyan Stoykov <dstoykov AT uni-ruse.bg>
  • To: cat-users AT geant.net
  • Subject: [cat-users] Realm connectivity test - unable to verify certificate
  • Date: Thu, 25 Jun 2015 13:27:51 +0300
  • Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass header.i= AT uni-ruse.bg
  • List-archive: <http://mail.geant.net/pipermail/cat-users/>
  • List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>
  • Organization: University of Ruse
Hi all,
Since the upgrade to CAT 1.1 I'm getting the following message when performing a realm connectivity test from our IdP admin page:

{red icon} The server certificate could not be verified to the root CA you configured in your profile!

I'm pretty sure our certificate setup is fine and none of the supplicants set up by CAT have any problems verifying the certificate.

Since first noticing this I have reissued the server certificate and included the authorityKeyIdentifier extension, but that didn't make a difference.

We are using a using a private CA exclusively for eduroam, based on the .cnf files shipped with FreeRADIUS 3, modified in accordance with the EAP certificate recommendations in the wiki.

If someone is interested in looking into this, I can provide more info.
Best regards,
Deyan

--
Deyan Stoykov,
dstoykov AT uni-ruse.bg
ICT department
University of Ruse



Archive powered by MHonArc 2.6.19.

Top of Page