Skip to Content.

cat-users - Re: [[cat-users]] Problem of Eduroam - System OS X El Capitan

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive


Re: [[cat-users]] Problem of Eduroam - System OS X El Capitan


Chronological Thread 
    < Chronological >      < Thread >
  • From: Stefan Winter <stefan.winter AT restena.lu>
  • To: ICHRAK TOUMI <toumi AT lma.cnrs-mrs.fr>, cat-users AT lists.geant.org
  • Subject: Re: [[cat-users]] Problem of Eduroam - System OS X El Capitan
  • Date: Tue, 8 Dec 2015 12:46:00 +0100
  • Openpgp: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Hello,

> I am a researcher from the LMA Laboratory: CNRS- Campus de Marseille
> Joseph- Aiguier.
> I have done an update to OS X El Capitan and since that, the Eduroam
> didn’t work. I have seen that it is a problem related to the certificate
> so i downloaded a new eduroam certificate for El Capitan and installed
> it but i still get problem. Here is a screenshot of the error, it says:
>
> « failure of the authentication on the network » : the identity of the
> authentication server could not be established. Contact your network
> administrator to check your configuration settings.
> Do you have any idea about this problem please?

I have checked the server certificate for accounts @lma.cnrs-mrs.fr .

The certificate is signed with SHA1. Recent versions of many operating
systems do not trust SHA1 signatures any more.

I recall that the TERENA SSL CA was at some point changed to a newer
version supporting SHA-256 signatures, and that everybody using the old
certificates was called to action to replace the old SHA-1 certificates
with new SHA-256 ones, precisely to avoid problems with new OS releases.

Probably, your identity provider missed that call to action, and your
upgrade to El Capitan now caused the server trust chain to become
unacceptable for your new operating system.

There is nothing you can do on your Mac to rectify this; you need to
talk to your identity provider administrators and convince them to get a
new, more contemporary, server certificate.

Greetings,

Stefan Winter

--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature


Archive powered by MHonArc 2.6.19.

Top of Page