The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Andy Gatward <a.j.gatward AT reading.ac.uk>]

Hi,

 

I have just stumbled across an issue with Windows and the handling of newly-issued certificates from Comodo.   We kept with this route so we wouldn’t have to do a mammoth change in profiles for our end users, as we believed that everything should still chain back to ‘AddTrust External CA Root’.   Unfortunately, it seems that Microsoft have decided that one of the intermediate certificates, ‘COMODO RSA Certification Authority’ is actually the anchor point for the newly-issued server certificate.

 

The CAT tool (correctly) doesn’t acknowledge the RSA CA certificate as a root; however this breaks Windows platforms as they don’t believe that the correct root, ‘AddTrust External CA Root’ is the anchor point.

 

For completeness, the certificate chain is:

 

radius.auth.reading.ac.uk

-> COMODO RSA Domain Validation Secure Server CA

   -> COMODO RSA Certification Authority

     -> AddTrust External CA Root

 

Is there anything I can do in CAT to make this work for Windows, with its broken anchor?

 

Thanks in advance,

 

Andy.

 

--

Dr. Andy Gatward

Head of IT Operations | Information Technology | University of Reading

DDI: +44 (0) 118 378 7147 | www.reading.ac.uk/it