cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Michele de Varda <michele.devarda AT unimi.it>
- To: Stefan Winter <stefan.winter AT restena.lu>, cat-users AT geant.net
- Cc: "eduroam AT unimi.it" <eduroam AT unimi.it>
- Subject: Re: [cat-users] Impossible to download Windows client
- Date: Tue, 11 Aug 2015 11:32:14 +0200
- List-archive: <http://mail.geant.net/pipermail/cat-users/>
- List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>
Dear Stefan,
thank you for your help, this configuration seems to work :-)
I have installed on the CAT configuration the Root and the G4 Intermediate certificates (see screenshot) and the Class 3 G4 certificate on the RADIUS server.
I have a question: during the installation of a CAT profile on an Android KitKat device the installer didn't complete the installation and appeared a warning message like this "You have to set a pin code for the password manager..."
Is it a normal behavior?
Thanks again,
Michele
On 08/07/2015 04:03 PM, Stefan Winter wrote:
Hi,
That root, and for Android to work you also need to upload the SymantecEITHER: define the G5 root variant as the root, and *don't* send theIn this case have I to modify the RADIUS certificate putting only
intermediate variant during EAP. This is utterly confusing to the client.
server cert +
intermediate with only Symantec Class 3 Secure Server CA - G4?
On CAT side have I to put only G5 root?
Class 3 Secure Server CA - G4.
That should be it. Please check if the warnings are then going away :-)
Stefan
OR: define the "Primary CA" as the root, and include the G5 intermediateI put the "Class 3 Public Primary Certification Authority" root
variant in CAT config and EAP. Do not send the G5 root variant in the
EAP conversation then.
certificate on cat configuration (see attached file
CAT_certificate_not_working.jpg).
Android seems to work but in the Wi-Fi config I see "certificate not
specified", Windows 7 doesn't work and when I run cat conf tool I see a
message that I have never seen with the old confs (see CAT_message.jpg).
In this case I didn't touch the RADIUS server certificate.
(in both cases, of course continue to send the G4 intermediate)You are right, I hope to not have conflicting items :-)
This is mostly a mess on VeriSign's side - but you need to be cautious,
too. "More helps more" does not apply to PKI certificates. You need to
send a consistent message. Superfluous items are okay (for most client
devices), but *conflicting ones* are not.
Greetings,Thanks a lot,
Stefan Winter
Michele
--
Michele de Varda
Università degli Studi di Milano
Divisione Telecomunicazioni
via G. Colombo 46
20133 Milano
Tel. 02 50315306
Attachment:
CAT_working_with_Android.jpg
Description: JPEG image
- Re: [cat-users] Impossible to download Windows client, Michele de Varda, 08/07/2015
- Re: [cat-users] Impossible to download Windows client, Stefan Winter, 08/07/2015
- Re: [cat-users] Impossible to download Windows client, Stefan Winter, 08/07/2015
- Re: [cat-users] Impossible to download Windows client, Michele de Varda, 08/07/2015
- Re: [cat-users] Impossible to download Windows client, Stefan Winter, 08/07/2015
- Re: [cat-users] Impossible to download Windows client, Michele de Varda, 08/11/2015
- Re: [cat-users] Impossible to download Windows client, Stefan Winter, 08/11/2015
- Re: [cat-users] Impossible to download Windows client, A . L . M . Buxey, 08/11/2015
- Re: [cat-users] Impossible to download Windows client, Michele de Varda, 08/11/2015
- Re: [cat-users] Impossible to download Windows client, Stefan Winter, 08/07/2015
- Re: [cat-users] Impossible to download Windows client, Michele de Varda, 08/07/2015
- Re: [cat-users] Impossible to download Windows client, Stefan Winter, 08/07/2015
- Re: [cat-users] Impossible to download Windows client, Stefan Winter, 08/07/2015
Archive powered by MHonArc 2.6.19.