The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Tomasz Wolniewicz <twoln AT umk.pl>]

Hi John,
   in principle intermediate certificates are not needed if your RADIUS
server sends them during the TLS negotiation. Still I believe we did
discover some strange behaviour of certain devices when intermediate
certificated were not installed, cannot remember what it was, but
probably someone on this list will.
Anyway keeping the intermediate definitely does not do any harm.
Tomasz


W dniu 13.07.2017 o 12:45, John Horne pisze:
> On Wed, 2017-07-12 at 21:26 +0000, John Horne wrote:
>
>> On Wed, 2017-07-12 at 18:57 +0200, Tomasz Wolniewicz wrote:
>>> Hi John,
>>>    you need to add the UserTrust root to CAT CAs, CAT will then set the
>>> tick in the trusted CAs in the Windows profile.
>> The usertrust root is already in the CAT profile (both of the intermediates
>> and the root were shipped up to the CAT website at the same time). The
>> usertrust root is the 'AddTrust External CA Root'.
> Hi,
>
>
>
> Well this morning I deleted the usertrust and addtrust certificates from the
>
> windows 7 client. I then deleted the Windows eduroam profile from the 
> client,
>
> and downloaded/installed CAT again. It logged into our eduroam network with 
> no
>
> problems :-)
>
>
>
> Checking the certificates on the Windows client shows that the addtrust root
>
> certificate is installed (and ticked as trusted), but the usertrust RSA
>
> intermediate cert is not installed. I guess it's not required, but I have 
> left
>
> it in the CAT profile.
>
>
>
> Anyway, things seem to be working now. Thanks to all for your help,
>
>
>
>
>
>
>
> John.
>
>
>
> --
>
> John Horne | Senior Operations Analyst | Technology and Information Services
>
> University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK
>
> ________________________________
>
> [http://www.plymouth.ac.uk/images/email_footer.gif]<http://www.plymouth.ac.uk/worldclass>
>
>
>
> This email and any files with it are confidential and intended solely for 
> the use of the recipient to whom it is addressed. If you are not the 
> intended recipient then copying, distribution or other use of the 
> information contained is strictly prohibited and you should not rely on it. 
> If you have received this email in error please let the sender know 
> immediately and delete it from your system(s). Internet emails are not 
> necessarily secure. While we take every care, Plymouth University accepts 
> no responsibility for viruses and it is your responsibility to scan emails 
> and their attachments. Plymouth University does not accept responsibility 
> for any changes made after it was sent. Nothing in this email or its 
> attachments constitutes an order for goods or services unless accompanied 
> by an official order form.
>
> To unsubscribe, send this message: 
> mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
>
> Or use the following link: 
> https://lists.geant.org/sympa/sigrequest/cat-users
>

-- 
Tomasz Wolniewicz    
          
twoln AT umk.pl
        http://www.home.umk.pl/~twoln

Uczelniane Centrum Informatyczne   Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika     Nicolaus Copernicus University,
pl. Rapackiego 1, Torun               pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750     fax: +48-56-622-1850       tel kom.: +48-693-032-576

Attachment: smime.p7s
Description: Kryptograficzna sygnatura S/MIME