cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Stefan Winter <stefan.winter AT restena.lu>
- To: ICHRAK TOUMI <toumi AT lma.cnrs-mrs.fr>, cat-users AT lists.geant.org
- Subject: Re: [[cat-users]] Problem of Eduroam - System OS X El Capitan
- Date: Tue, 8 Dec 2015 12:46:00 +0100
- Openpgp: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Hello,
> I am a researcher from the LMA Laboratory: CNRS- Campus de Marseille
> Joseph- Aiguier.
> I have done an update to OS X El Capitan and since that, the Eduroam
> didn’t work. I have seen that it is a problem related to the certificate
> so i downloaded a new eduroam certificate for El Capitan and installed
> it but i still get problem. Here is a screenshot of the error, it says:
>
> « failure of the authentication on the network » : the identity of the
> authentication server could not be established. Contact your network
> administrator to check your configuration settings.
> Do you have any idea about this problem please?
I have checked the server certificate for accounts @lma.cnrs-mrs.fr .
The certificate is signed with SHA1. Recent versions of many operating
systems do not trust SHA1 signatures any more.
I recall that the TERENA SSL CA was at some point changed to a newer
version supporting SHA-256 signatures, and that everybody using the old
certificates was called to action to replace the old SHA-1 certificates
with new SHA-256 ones, precisely to avoid problems with new OS releases.
Probably, your identity provider missed that call to action, and your
upgrade to El Capitan now caused the server trust chain to become
unacceptable for your new operating system.
There is nothing you can do on your Mac to rectify this; you need to
talk to your identity provider administrators and convince them to get a
new, more contemporary, server certificate.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Attachment:
0x8A39DC66.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature
- [[cat-users]] Problem of Eduroam - System OS X El Capitan, ICHRAK TOUMI, 12/08/2015
- Re: [[cat-users]] Problem of Eduroam - System OS X El Capitan, Stefan Winter, 12/08/2015
Archive powered by MHonArc 2.6.19.