The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

["Morris, Andi" <amorris AT cardiffmet.ac.uk>]

Hi all,

Having seen all the issues recently appearing on here regarding SHA1 certificates not being supported I was prompted to check the root certificate that I use on my radius server here for our eduroam install and to my horror I found that it is a SHA1 certificate. It’s a self-signed certificate, and we use eduroamCAT to deploy it to the client devices.

 

Am I likely to hit the sunsetting issues with this certificate being used to secure radius connections with this certificate?

 

I see in the cat admin interface that I can add a second certificate to the deployment options. Will that do as it seems and add a second certificate to the setup meaning I can phase out the old certificate over time without having to ask approximately 5000 users to resetup their devices? Is installing two certificates likely to cause any issues with particular devices?

 

It would be ideal if I could allow freeradius to accept two certificates in parallel so I could phase the old one out, but I can’t imagine this would be possible.

 

Cheers,

Andi

 

-------------------------------------

Andi Morris

IT Security Officer
Cardiff Metropolitan University

T: 02920 205720
E: amorris AT cardiffmet.ac.uk

--------------------------------------

 

---