cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Stefan Winter <stefan.winter AT restena.lu>
- To: Michael Davis <davis AT udel.edu>, cat-users AT lists.geant.org
- Subject: Re: [[cat-users]] EAP-TLS CAT support for iOS 10
- Date: Wed, 2 Aug 2017 13:55:03 +0200
- Openpgp: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Hi,
that's great to hear. Did it not work on iOS 8, or did you not test that?
Also, how did you get the client cert onto the device? The two variants
I know of are that you create a profile containing only that client
cert, or that you import the DER encoded file by tapping on it - it will
then show up in "Settings -> Profiles" as if it were part of a profile,
even if it isn't.
Greetings,
Stefan Winter
Am 02.08.2017 um 13:41 schrieb Michael Davis:
> Thank you, this worked on iOS 9 and iOS 10 by using the MacOS Sierra
> configuration.
>
> thanks
> mike
>
> On 8/2/17 3:56 AM, Stefan Winter wrote:
>> Hello,
>>
>>> We're just starting to explore EAP-TLS on campus and I created a CAT
>>> profile to test also.
>>>
>>> I noticed that iOS CAT profiles (5, 6, and 7+ are listed) don't generate
>>> TLS installers, is that going to be a limitation for the future, or will
>>> CAT
>>> soon support EAP-TLS in iOS 10+ ?
>> Turning this on is a one-line change. The issue is that we turned it off
>> on purpose because iOS had issues with it where MacOS X did not:
>>
>> Our installers configure the use of EAP-TLS, but do not include the
>> actual client certificate. This has to get onto the system in a
>> different way.
>>
>> On macOS, when you connect to a Wi-Fi network with EAP-TLS enabled, the
>> OS will ask you which of your certificates in Keychain should be used
>> for the access. That's fine.
>>
>> On iOS, only in-profile information is used when connecting - and since
>> the client cert isn't found in-line, this won't work.
>>
>> This may have changed recently of course. Feel free to try and download
>> the macOS installer with an iOS device - it will work there as well. If
>> you have any success in connecting to eduroam, we can flip the EAP-TLS
>> support switch for iOS in short notice.
>>
>> Greetings,
>>
>> Stefan Winter
>>
>
>
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Attachment:
0x8A39DC66.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature
- Re: [[cat-users]] EAP-TLS CAT support for iOS 10, Stefan Winter, 08/02/2017
- Re: [[cat-users]] EAP-TLS CAT support for iOS 10, Michael Davis, 08/02/2017
- Re: [[cat-users]] EAP-TLS CAT support for iOS 10, Stefan Winter, 08/02/2017
- Re: [[cat-users]] EAP-TLS CAT support for iOS 10, Tomasz Wolniewicz, 08/02/2017
- Re: [[cat-users]] EAP-TLS CAT support for iOS 10, Michael Davis, 08/02/2017
- Re: [[cat-users]] EAP-TLS CAT support for iOS 10, Stefan Winter, 08/02/2017
- Re: [[cat-users]] EAP-TLS CAT support for iOS 10, Michael Davis, 08/02/2017
Archive powered by MHonArc 2.6.19.