Skip to Content.
Sympa Menu

cat-users - Re: [[cat-users]] Eduroam CAT 1.1.3 has issues with Windows 10 anniversary edition

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

Re: [[cat-users]] Eduroam CAT 1.1.3 has issues with Windows 10 anniversary edition


Chronological Thread 
    < Chronological >      < Thread >
  • From: Tomasz Wolniewicz <twoln AT umk.pl>
  • To: "Phillip M. Immordino" <pimmo AT Princeton.EDU>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
  • Subject: Re: [[cat-users]] Eduroam CAT 1.1.3 has issues with Windows 10 anniversary edition
  • Date: Wed, 26 Oct 2016 21:48:29 +0200

Hi,

  The Princeton University CAT profile is quite unusual. It has 26 certificates loaded.

After eliminating the duplicates we are left a single root (Add Trust) and two intermediate CAs and  3 server certificates issued by the lowest level CA.

The configuration should just contain single instances of the three CAs providing the full path and no server certificates.

Still these imperfections do not explain why the profile does not work.

The fact that CAT allows loading multiple identical certificates is definitely a bug, but again I do not see why this should really matter. The Windows installer seems to behave reasonably.

I would suggest running reachability tests from the CAT admin interface, they might uncover the reason, perhaps the CAT settings do not match the actual server configuration. CAT reachability tests will be able to detect that.

Hoping to find more info, I have taken a look at the Princeton University eduroam help and saw that it does not mention any security settings which is clearly wrong making your users' vulnerable in case on MITM attacks. CAT profiles should take care of that of course.

Cheers

Tomasz


W dniu 26.10.2016 o 16:59, Phillip M. Immordino pisze:

We are finding that Eduroam CAT 1.1.3 does not work with Windows 10 Anniversary edition (Version 1607 - Build 10.0.14393).

It creates the eduroam profile and adds the certificates, but does not allow connection (connection fails).   Manually connecting to an eduroam network (either initially without using CAT or after deleting the Eduroam profile created by CAT) does work normally.

 

Phil Immordino

Princeton University

pimmo AT princeton.edu

 

 

To unsubscribe, send this message: mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
Or use the following link: https://lists.geant.org/sympa/sigrequest/cat-users 
-- 
Tomasz Wolniewicz    
          twoln AT umk.pl        http://www.home.umk.pl/~twoln

Uczelniane Centrum Informatyczne       Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika         Nicolaus Copernicus University,
pl. Rapackiego 1, Torun                pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750     fax: +48-56-622-1850       tel kom.: +48-693-032-576

Archive powered by MHonArc 2.6.19.

Top of Page