cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

Re: [cat-users] Server certificate transition in Android

From: A.L.M.Buxey AT lboro.ac.uk
To: Tomasz Wolniewicz <twoln AT umk.pl>
Cc: "cat-users AT geant.net" <cat-users AT geant.net>
Subject: Re: [cat-users] Server certificate transition in Android
Date: Mon, 14 Sep 2015 12:05:08 +0000
List-archive: <http://mail.geant.net/pipermail/cat-users/>
List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>

Hi,

> There are some arguments for uploading the whole chain to the device and
> then only sending the server cert for verification, but I do not buy
> them. For me the proper way is for the server to present the entire
> chain (without the root cert) and the device to hold the root only.
>
> CAT allows for uploading the whole chain, but my suggestion would be to
> restrict oneself to the root only.

in this case 2 roots needed to be added as there was a server transition.
I get the use case.....we did the same a couple of years back.

alan

[cat-users] Server certificate transition in Android, Alberto Martínez, 09/14/2015
- Re: [cat-users] Server certificate transition in Android, A . L . M . Buxey, 09/14/2015
  - Re: [cat-users] Server certificate transition in Android, Tomasz Wolniewicz, 09/14/2015
    - Re: [cat-users] Server certificate transition in Android, A . L . M . Buxey, 09/14/2015
      - Re: [cat-users] Server certificate transition in Android, Ayres G . J ., 09/14/2015
        
        Re: [cat-users] Server certificate transition in Android, Alberto Martínez, 09/14/2015
        
        Re: [cat-users] Server certificate transition in Android, Tomasz Wolniewicz, 09/14/2015