cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Stefan Winter <stefan.winter AT restena.lu>
- To: Michele de Varda <michele.devarda AT unimi.it>, cat-users AT geant.net
- Cc: "eduroam AT unimi.it" <eduroam AT unimi.it>
- Subject: Re: [cat-users] Impossible to download Windows client
- Date: Fri, 7 Aug 2015 16:03:22 +0200
- List-archive: <http://mail.geant.net/pipermail/cat-users/>
- List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>
- Openpgp: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Hi,
>> EITHER: define the G5 root variant as the root, and *don't* send the
>> intermediate variant during EAP. This is utterly confusing to the client.
> In this case have I to modify the RADIUS certificate putting only
> server cert +
> intermediate with only Symantec Class 3 Secure Server CA - G4?
>
> On CAT side have I to put only G5 root?
That root, and for Android to work you also need to upload the Symantec
Class 3 Secure Server CA - G4.
That should be it. Please check if the warnings are then going away :-)
Stefan
>
>>
>> OR: define the "Primary CA" as the root, and include the G5 intermediate
>> variant in CAT config and EAP. Do not send the G5 root variant in the
>> EAP conversation then.
> I put the "Class 3 Public Primary Certification Authority" root
> certificate on cat configuration (see attached file
> CAT_certificate_not_working.jpg).
> Android seems to work but in the Wi-Fi config I see "certificate not
> specified", Windows 7 doesn't work and when I run cat conf tool I see a
> message that I have never seen with the old confs (see CAT_message.jpg).
> In this case I didn't touch the RADIUS server certificate.
>
>>
>> (in both cases, of course continue to send the G4 intermediate)
>>
>> This is mostly a mess on VeriSign's side - but you need to be cautious,
>> too. "More helps more" does not apply to PKI certificates. You need to
>> send a consistent message. Superfluous items are okay (for most client
>> devices), but *conflicting ones* are not.
> You are right, I hope to not have conflicting items :-)
>
>>
>> Greetings,
>>
>> Stefan Winter
>>
>
> Thanks a lot,
>
> Michele
>
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Attachment:
0x8A39DC66.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature
- Re: [cat-users] Impossible to download Windows client, Michele de Varda, 08/07/2015
- Re: [cat-users] Impossible to download Windows client, Stefan Winter, 08/07/2015
- Re: [cat-users] Impossible to download Windows client, Stefan Winter, 08/07/2015
- Re: [cat-users] Impossible to download Windows client, Michele de Varda, 08/07/2015
- Re: [cat-users] Impossible to download Windows client, Stefan Winter, 08/07/2015
- Re: [cat-users] Impossible to download Windows client, Michele de Varda, 08/11/2015
- Re: [cat-users] Impossible to download Windows client, Stefan Winter, 08/11/2015
- Re: [cat-users] Impossible to download Windows client, A . L . M . Buxey, 08/11/2015
- Re: [cat-users] Impossible to download Windows client, Michele de Varda, 08/11/2015
- Re: [cat-users] Impossible to download Windows client, Stefan Winter, 08/07/2015
- Re: [cat-users] Impossible to download Windows client, Michele de Varda, 08/07/2015
- Re: [cat-users] Impossible to download Windows client, Stefan Winter, 08/07/2015
- Re: [cat-users] Impossible to download Windows client, Stefan Winter, 08/07/2015
Archive powered by MHonArc 2.6.19.