The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Daniele Albrizio <albrizio AT units.it>]

On 14/02/2017 09:02, Stefan Winter wrote:
> Hello,
>
> > Android without CAT connects to Eduroam no matter what certificates
> > Radius server presented them and this is very unsecure.
>
> That's correct. "It works if I turn off all security" only demonstrates
> flawed thinking, not proper operation.
>
> > What about clients using eduroam CAT? Did you insert the server
> > certificate too, in old eduroam CAT configuration for your institution?
> > If yes, this may be  the problem: clients may not trust the new
> > certificate because they are clamped to the old. Suggestion for the
> > future is trying to use only the trust anchor needed. That is the
> > intermediate ca certificate.
>
> Here Daniele is slightly wrong: the trust anchor is always the /root/
> certificate.

Thanks for spotting this.

[...]

> Android connection attempts will fail: Android does not allow the app to
> install the intermediate together with the root and relies on getting
> the intermediate during authentication time.

Wow, bright, now some things (happening in my institution too) are 
clearer in my mind. :D Thanks.

[...]

--
Daniele ALBRIZIO - 
daniele.albrizio AT units.it
         Tel. +39-040.558.3319
  UNIVERSITY OF TRIESTE - Network Services
     Unita' di Staff Reti di Ateneo
via Alfonso Valerio, 12 I-34127 Trieste, Italy

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature