The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Stefan Winter <stefan.winter AT restena.lu>]

Hi,

I've also added this to the Wiki now for future reference:

https://wiki.geant.org/display/H2eduroam/A+guide+to+eduroam+CAT+for+institution+administrators#AguidetoeduroamCATforinstitutionadministrators-EAPDetails

Greetings,

Stefan

Am 05.01.2017 um 16:31 schrieb Stefan Winter:
> Hello,
> 
> you can upload the new and old CA simultaneously to CAT. On all
> supported client OSes, both will be installed and both will be marked
> trusted.
> 
> It's a very good idea to do this as early as possible so that every
> newly configured user gets the new certificate ahead of time. They will
> then not even notice the change of server cert from old to new trust root.
> 
> There is only one fraction of CAT-supported client OSes which does not
> support multiple root CAs: Android versions < 7.1.
> 
> For those, only one CA will be installed (I don't recall the ordering in
> the CAT interface; to be sure you could create a profile just for
> Android and only load the desired one into that profile).
> 
> Android 7.1 finally got its support for multiple CAs and I think the app
> already supports that (Gareth to correct me if I'm wrong).
> 
> But we all know the update situation on Android and it is thus naive to
> think that this problem will wither out in anything less than five
> years. :-( I'm afraid there's little we can do about it.
> 
> Greetings,
> 
> Stefan Winter
> 
> Am 05.01.2017 um 09:05 schrieb Scott Johnson:
>> Our two radius servers running MS NPS 2012R2 will renew their
>> certificates in the next 30 days.  These are certificates issued by our
>> private root CA (MS Certificate Authority 2012R2) – private root CA
>> expiration date 2018
>>
>>  
>>
>> Are any changes needed for eduroam & the CAT installer?
>>
>>  
>>
>> Also our private root CA certificate will need to be renewed in the
>> beginning of 2018. How does that effect eduroam & CAT?  I know I would
>> have to update the root CA certificate on the CAT installer package, but
>> can I put the old & new in there at the same time?
>>
>>  
>>
>> If it’s a big issue I would prefer to get in front of it sooner than
>> later…  Our Fall class (September start)  is always the biggest so if
>> things need to happen it would be best to do it before the fall class
>> and prepare everyone else with months of warning since the students
>> don’t actually read emails….
>>
>>  
>>
>>  
>>
>> On a side note I want to ALSO move both the NPS servers & the
>> Certificate Authority server to Windows Server 2016.anyone have
>> experience there yet?
>>
>>  
>>
>>  
>>
>> *Scott Johnson*
>>
>> *IT Infrastructure Manager *
>>
>> Southern California University of Health Sciences
>>
>> 16200 Amber Valley Drive, Whittier, CA 90604
>>
>> Phone: (562) 902-3347 Mobile: (714) 758-5991
>>
>> email_sig
>>
>>  
>>
>>  
>>
>> To unsubscribe, send this message:
>> mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
>> Or use the following link:
>> https://lists.geant.org/sympa/sigrequest/cat-users
> 
> 


-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature