The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Alberto Martínez <alberto_martinez AT deusto.es>]

Thanks to all for your answers.

I'm glad that the issue is known -- I just wanted to get back to you CAT developers and tell the story.

@Tomasz Uploading just the root cert to CAT means that the client<->server trust check takes more roundtrips, though it is easier to make changes on the trust path later. Are there security concerns about uploading the whole CA chain?

2015-09-14 14:32 GMT+02:00 Ayres G.J. <g.j.ayres AT swansea.ac.uk>:

Hi,

> in this case 2 roots needed to be added as there was a server transition.
> I get the use case.....we did the same a couple of years back.

Yea, it is a feature request that's on the list, but it depends upon some prerequisites.

Android can only take one CA Cert on a EAP profile at a time, but the app itself could hold more than one profile.
If it knew when a profile changes or expired, it could then apply the alternative profile.

I hope future releases will soon move towards this.

Gareth

--

Alberto Martínez Setién
Middleware
Comunicación y Sistemas
Servicio Informático
Universidad de Deusto
Avda. de las Universidades, 24
48007 - Bilbao (SPAIN)
Phone: +34 94 413 90 00 Ext. 2684
Fax: +34 94 413 91 01