The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Jethro R Binks <jethro.binks AT strath.ac.uk>]

So we're going through a process of changing our certificate to a 
self-signed CA, which we will cut over in a couple of weeks.

I created a new CAT profile that contained what we had in the original, 
plus the new CA cert.  We are also changing server name, so I have two 
instances of the "Name (CN) of the Authentication Server" field specified, 
one with the old cert name and one with the new.

This has worked fine on iOS and other devices as far as testing has shown, 
but some Android users find they get "x Server Subject Match missing" when 
the user gets the Current Device Configuration summary.

I tweaked the RADIUS server for the MAC address of one of the affected 
clients so it would get the new cert, and it appears to have connected 
fine.  So it appears that it is ignoring the CN field which specifies the 
name on the current certificate, and is accepting the CN field which is 
specified on the new certificate.

Is there something I'm doing wrong or have overlooked?

(I have a growing disgruntled population who tested the updated CAT 
profile and now can't connect :).

Jethro.

.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK

The University of Strathclyde is a charitable body, registered in
Scotland, number SC015263.