The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Daniele Albrizio <daniele AT albrizio.it>]

Android without CAT connects to Eduroam no matter what certificates Radius server presented them and this is very unsecure. 

What about clients using eduroam CAT? Did you insert the server certificate too, in old eduroam CAT configuration for your institution? If yes, this may be  the problem: clients may not trust the new certificate because they are clamped to the old. Suggestion for the future is trying to use only the trust anchor needed. That is the intermediate ca certificate.

Daniele Albrizio

University of Trieste.

Il 13 feb 2017 17:35, "Michele de Varda" <michele.devarda AT unimi.it> ha scritto:

Dear CAT Developers,

the last Thursday we updated the RADIUS servers certificate for Eduroam users. The Root CA cert and the Intermediate cert are still the same so we didn't change the CAT configuration.

All seems work fine with Apple, Linux and Windows devices but we have problems with Android clients:

• Android devices without CAT config work fine but the "CA certificate" field is empty
• Android devices with CAT config don't work and for each authentication attempt in the RADIUS server we find this log "Auth: Login incorrect (TLS Alert read:fatal:unknown CA)".

In attach 2 screenshots, in the second screenshot there is the message  "No CA Certificate found", is this a normal behaviour?

There is something wrong in our config?

Thank you for your help,

Michele de Varda

-- 
Università degli Studi di Milano
Divisione Telecomunicazioni
tel. 02 503-15306
via Giuseppe Colombo 46
20133 Milano

To unsubscribe, send this message: mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
Or use the following link: https://lists.geant.org/sympa/sigrequest/cat-users