Skip to Content.

cat-users - Re: [[cat-users]] CAT - Student profile issues

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive


Re: [[cat-users]] CAT - Student profile issues


Chronological Thread 
    < Chronological >      < Thread >
  • From: Stefan Winter <stefan.winter AT restena.lu>
  • To: "Luiz F. C. Martins" <luiz.martins AT griffith.ie>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
  • Cc: John Molohan <john.molohan AT griffith.ie>, Anthony McGovern <anthony.mcgovern AT griffith.ie>
  • Subject: Re: [[cat-users]] CAT - Student profile issues
  • Date: Tue, 19 Jul 2016 14:18:47 +0200
  • Openpgp: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Hello,

> Good morning, I’ve just saw that CAT was recently upgraded to version 1.1.2.

We should remove that MOTD I guess. That was weeks ago, and things have
been running smoothly all the time since.

> We have had problems involving the CAT on our Student profile.
>
> When trying to open the profile I get “Configuration File Error, File
> access error. Try downloading profile again”.
>
> Sometimes I can download the profile, but the information about the CA
> certificate is missing.
>
> After the profile is finally installed on the device I can’t connect to
> the Eduroam network due to a generic `authentication error`(Android
> 6.0), but editing the wireless connection on the mobile device just
> removing the CA certificate(maybe corrupted) I’m able to connect to
> Eduroam successfully.

Hm... that really is strange. Can you just confirm two things?

- Are your problems limited to the Android app?
- Did you run the "Realm Check" for the student profile, and does it
show any issues?

> An important information is that our Staff profile is working fine.

Well the staff one uses a self-signed cert (no intermediates) while the
student one is from GoDaddy with two intermediate CAs. So any difference
would very probably be around certificate handling.

However, your profile looks just about perfect. It's just one root CA,
your server sends all the intermediates (without the root itself), and
all the cert properties look like they should.

Even Android with its limitations should be accepting those just fine.

Greetings,

Stefan Winter

--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature


Archive powered by MHonArc 2.6.19.

Top of Page