cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Stefan Winter <stefan.winter AT restena.lu>
- To: Michele de Varda <michele.devarda AT unimi.it>, "Ayres G.J." <g.j.ayres AT swansea.ac.uk>
- Cc: "'cat-users AT geant.net'" <cat-users AT geant.net>, "eduroam AT unimi.it" <eduroam AT unimi.it>
- Subject: Re: [cat-users] Impossible to download Windows client
- Date: Fri, 26 Jun 2015 11:17:48 +0200
- List-archive: <http://mail.geant.net/pipermail/cat-users/>
- List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>
- Openpgp: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Hello,
I have just tested your realm against the Verisign root and everything
works just fine.
There is not a single warning or error in the realm checks.
Could you verify if you still have an issue?
Greetings,
Stefan Winter
On 25.06.2015 15:44, Michele de Varda wrote:
> Hi Gareth,
> thank you for your answer.
>
> In the Radius server we installed both server certificate (in attach
> our eap.conf file):
> /[root@nekkar Verisign-Cert]# openssl x509 -noout -text -in
> eduroam_unimi_it.crt //
> //Certificate://
> // Data://
> // Version: 3 (0x2)//
> // Serial Number://
> // 35:b3:75:3d:94:03:f3:cb:e6:44:a1:bc:9d:bb:1a:ed//
> // Signature Algorithm: sha256WithRSAEncryption//
> // Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust
> Network, CN=Symantec Class 3 Secure Server CA - G4//
> // Validity//
> // Not Before: Mar 2 00:00:00 2015 GMT//
> // Not After : Mar 2 23:59:59 2017 GMT//
> // Subject: C=IT, ST=Milano, L=Milano, O=Universita' degli Studi
> di Milano, OU=Div. Telecomunicazioni, CN=eduroam.unimi.it//
> // Subject Public Key Info://
> // Public Key Algorithm: rsaEncryption//
> // RSA Public Key: (2048 bit)//.........
>
> /and chain file certificate:/
>
> [root@nekkar Verisign-Cert]# openssl x509 -noout -text -in
> eduroam_chain.crt
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number:
> 51:3f:b9:74:38:70:b7:34:40:41:8d:30:93:06:99:ff
> Signature Algorithm: sha256WithRSAEncryption
> Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network,
> OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class
> 3 Public Primary Certification Authority - G5
> Validity
> Not Before: Oct 31 00:00:00 2013 GMT
> Not After : Oct 30 23:59:59 2023 GMT
> Subject: C=US, O=Symantec Corporation, OU=Symantec Trust
> Network, CN=Symantec Class 3 Secure Server CA - G4
> Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
> RSA Public Key: (2048 bit).......
>
> Also in the CAT configuration we put root certificate and chain file
> (see attached screenshot). Initially in the cat conf we put only the
> root certificate and it worked fine only with Windows and iOS, but
> didn't work with MAC OS X, so we put the chain ca file./
> //Do you have any suggestions/?
>
> Thank you again,
>
> Michele
>
> /
>
>
> On 06/25/2015 02:41 PM, Ayres G.J. wrote:
>>
>> Hi,
>>
>>
>>
>> I have tested your eap-config and it looks like it parses OK, and
>> installs a Verisign CA Cert:
>>
>> CERT Subject=CN=VeriSign Class 3 Public Primary Certification
>> Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use
>> only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
>>
>> Is this the correct CA cert you have configured in your radius setup?
>>
>>
>>
>> You have a certificate chain present, so you need to ensure your
>> radius server is sending the intermediates.
>>
>> I think you can test this via cat.eduroam.org site using the realm check.
>>
>> Can you test this please?
>>
>>
>>
>> Thanks,
>>
>> Gareth Ayres.
>>
>>
>>
>> *From:*Michele de Varda
>> [mailto:michele.devarda AT unimi.it]
>> *Sent:* 25 June 2015 12:56
>> *To:*
>> cat-users AT geant.net
>> *Cc:* Claudio Lori
>> *Subject:* Re: [cat-users] Impossible to download Windows client
>>
>>
>>
>> Today the Windows CAT download for Univ. degli Studi di Milano seems ok.
>>
>> The configuration for Android is still not working: we tested
>> eduroamCAT app 1.0.16 only with 2 kitkat 4.4 devices and we obtain the
>> RADIUS TLS error (unknown CA):
>> /Thu Jun 25 13:44:10 2015 : Auth: Login incorrect (TLS Alert
>> read:fatal:unknown CA):
>> [//michele.devarda AT unimi.it/
>> <mailto:michele.devarda AT unimi.it>/]
>> (from client IAM2 port 109 cli
>> b4:30:52:28:38:d2)/
>>
>> The CA config. works fine with WIndows, Mac and iOS systems.
>> I attached an app screenshot, I don't know if is it possible copy and
>> past the complete WiFi Logs from EduroamCAT App.
>>
>>
>> Thank you for your support,
>>
>> Michele de Varda
>>
>> On 06/24/2015 05:12 PM, Michele de Varda wrote:
>>
>> Dear CAT developers,
>>
>> I'm the CAT admin for Univ. of Milan.
>> Today I did some tests changing our CA chain because the CAT
>> Android client doesn't work for our university, this is the RADIUS
>> log:
>> /Wed Jun 24 11:33:02 2015 : Auth: Login incorrect (TLS Alert
>> read:fatal:unknown CA):
>> [//michele.devarda AT unimi.it/
>>
>> <mailto:michele.devarda AT unimi.it>/]/
>>
>> Now we can not download Windows configuration, we receive this
>> message:
>> /"This is embarrassing. Generation of your installer failed.
>> System admins have been notified. We will try to take care of the
>> problem as soon as possible."/
>>
>> Can you help us?
>>
>> Thank you for your great job
>>
>>
>> Michele de Varda
>>
>>
>>
>> Università degli Studi di Milano
>>
>> Divisione Telecomunicazioni
>>
>> via G. Colombo 46
>>
>> 20133 Milano
>>
>> Tel. 02 50315306
>>
>
> --
> Michele de Varda
>
> Università degli Studi di Milano
> Divisione Telecomunicazioni
> via G. Colombo 46
> 20133 Milano
> Tel. 02 50315306
>
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Attachment:
0x8A39DC66.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature
- [cat-users] Impossible to download Windows client, Michele de Varda, 06/24/2015
- Re: [cat-users] Impossible to download Windows client, Michele de Varda, 06/25/2015
- Re: [cat-users] Impossible to download Windows client, Ayres G . J ., 06/25/2015
- Re: [cat-users] Impossible to download Windows client, Michele de Varda, 06/25/2015
- Re: [cat-users] Impossible to download Windows client, Stefan Winter, 06/26/2015
- Re: [cat-users] Impossible to download Windows client, Michele de Varda, 06/26/2015
- Re: [cat-users] Impossible to download Windows client, Stefan Winter, 06/26/2015
- Re: [cat-users] Impossible to download Windows client, Michele de Varda, 06/26/2015
- Re: [cat-users] Impossible to download Windows client, Stefan Winter, 06/26/2015
- Re: [cat-users] Impossible to download Windows client, Michele de Varda, 06/26/2015
- Re: [cat-users] Impossible to download Windows client, Stefan Winter, 06/26/2015
- Re: [cat-users] Impossible to download Windows client, Stefan Winter, 06/26/2015
- Re: [cat-users] Impossible to download Windows client, Michele de Varda, 06/26/2015
- Re: [cat-users] Impossible to download Windows client, Stefan Winter, 06/26/2015
- Re: [cat-users] Impossible to download Windows client, Michele de Varda, 06/25/2015
- Re: [cat-users] Impossible to download Windows client, Ayres G . J ., 06/25/2015
- Re: [cat-users] Impossible to download Windows client, Michele de Varda, 06/25/2015
Archive powered by MHonArc 2.6.19.