cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
- From: Stefan Winter <stefan.winter AT restena.lu>
- To: cat-users AT lists.geant.org, Cristiano De Michele <cristiano.demichele AT uniroma1.it>
- Subject: Re: [[cat-users]] mac osx sierra 10.12.3
- Date: Mon, 27 Mar 2017 13:11:12 +0200
- Openpgp: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Hello,
I have checked the Sapienza trust root and chain building.
They are indeed still using a TCS Gen 2 cert - issued pretty much "last
minute" in May 2015 and in principle valid until Jun 2 2018.
However, TCS Gen 2 was based on SHA-1 intermediate CAs.
Many OSes these days refuse to consider SHA-1 signed certificates
trusted. That is most likely the reason for this problem.
The current iteration of TCS, running on DigiCert roots which have
SHA-256 all the way through, is heavily recommended over anything SHA-1.
Cristiano, the best thing you can do to solve this problem *thoroughly*
is to show this mail to your IT department and make them
a) get a contemporary server certificate
b) update their trust root settings in eduroam CAT
so that you can afterwards download an updated config - which then works :-)
Since you configured Android manually, no verification at all is done on
any of the certificates, so you did not get a complaint by Android OS.
But that means your authentication to eduroam networks with your Android
is COMPLETELY insecure. Once Sapienza has updated their CAT settings,
you should rather use the eduroam CAT Android App.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
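The diagnosis in the message above (SHA-1 signatures in the server certificate chain) can be checked directly on a PEM chain file. The following is an added example, not part of the original message or of eduroam CAT: it reads each certificate's signature algorithm from the DER encoding. The names `audit_chain`, `sample_cert` and `CONSTRUCTED_CHAIN` are illustrative, and the sample entries are constructed skeletons, not real certificates.

```python
import base64, re

# Signature-algorithm OIDs -> (name, is_sha1); unknown OIDs are reported as-is
SIG_ALGS = {
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", True),
    "1.2.840.10045.4.1": ("ecdsa-with-SHA1", True),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", False),
}
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)      # base-128, high bit = "more follows"
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def cert_sig_oid(der):
    """OID of Certificate.signatureAlgorithm (the issuer's signature)."""
    _, body, _ = read_tlv(der, 0)          # Certificate SEQUENCE
    _, _, tbs_end = read_tlv(der, body)    # skip tbsCertificate
    _, alg, _ = read_tlv(der, tbs_end)     # AlgorithmIdentifier SEQUENCE
    tag, start, end = read_tlv(der, alg)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    return decode_oid(der[start:end])

def audit_chain(pem_text):
    """One (algorithm, is_sha1) tuple per certificate, in file order."""
    oids = [cert_sig_oid(base64.b64decode(m)) for m in PEM_RE.findall(pem_text)]
    return [SIG_ALGS.get(oid, (oid, False)) for oid in oids]

def sample_cert(oid_hex):
    """Constructed skeleton, not a real certificate: tbs, sigAlg, signature."""
    tlv = lambda tag, body: bytes([tag, len(body)]) + body
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")
    der = tlv(0x30, tlv(0x30, b"\x02\x01\x01") + alg + tlv(0x03, b"\x00\xaa"))
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(der).decode()

# Constructed chain: first entry SHA-256 signed, second entry SHA-1 signed
CONSTRUCTED_CHAIN = sample_cert("2a864886f70d01010b") + sample_cert("2a864886f70d010105")
```

Calling `audit_chain()` on the text of a real PEM chain file returns one tuple per certificate; any entry with `True` is signed with SHA-1.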