The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Tomasz Wolniewicz <twoln AT umk.pl>]

There are some arguments for uploading the whole chain to the device and
then only sending the server cert for verification, but I do not buy
them. For me the proper way is for the server to present the entire
chain (without the root cert) and the device to hold the root only.

CAT allows for uploading the whole chain, but my suggestion would be to
restrict oneself to the root only.

Tomasz


W dniu 2015-09-14 o 13:47, 
A.L.M.Buxey AT lboro.ac.uk
 pisze:
> Hi,
>
>>    The Android app (uk.ac.swansea.eduroamcat) does a poor job for the easy
>>    transition. Instead of configuring every cert included in the profile it
>>    just took the first (the old) path and ignored the other root CA.
>>    Have we done something wrong regarding the CA paths and the app? Is this
>>    the expected behaviour? Or is it a bug?
> known issue IIRC - the API only allows the injection of one root CA. 
>
>
> alan
>

-- 
Tomasz Wolniewicz    
          
twoln AT umk.pl
        http://www.home.umk.pl/~twoln

Uczelniane Centrum Informatyczne   Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika     Nicolaus Copernicus University,
pl. Rapackiego 1, Torun               pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750     fax: +48-56-622-1850       tel kom.: +48-693-032-576