The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Stefan Winter <stefan.winter AT restena.lu>]

Hello,

> We're just starting to explore EAP-TLS on campus and I created a CAT
> profile to test also.
> 
> I noticed that iOS CAT profiles (5, 6, and 7+ are listed) don't generate
> TLS installers, is that going to be a limitation for the future, or will
> CAT
> soon support EAP-TLS in iOS 10+ ?

Turning this on is a one-line change. The issue is that we turned it off
on purpose because iOS had issues with it where MacOS X did not:

Our installers configure the use of EAP-TLS, but do not include the
actual client certificate. This has to get onto the system in a
different way.

On macOS, when you connect to a Wi-Fi network with EAP-TLS enabled, the
OS will ask you which of your certificates in Keychain should be used
for the access. That's fine.

On iOS, only in-profile information is used when connecting - and since
the client cert isn't found in-line, this won't work.

This may have changed recently of course. Feel free to try and download
the macOS installer with an iOS device - it will work there as well. If
you have any success in connecting to eduroam, we can flip the EAP-TLS
support switch for iOS in short notice.

Greetings,

Stefan Winter

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature