The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Tomasz Wolniewicz <twoln AT umk.pl>]

I am not able to confirm this.
I have installed a p12 encoded personal certificate. This has resulted
in an unverified profile. Then I have installed a MAC OS TLS profile on
iOS 10. On connection it asks me for username and password even though
the profile points to EAP-TLS.

Tomasz


W dniu 02.08.2017 o 13:55, Stefan Winter pisze:
> Hi,
>
> that's great to hear. Did it not work on iOS 8, or did you not test that?
>
> Also, how did you get the client cert onto the device? The two variants
> I know of are that you create a profile containing only that client
> cert, or that you import the DER encoded file by tapping on it - it will
> then show up in "Settings -> Profiles" as if it were part of a profile,
> even if it isn't.
>
> Greetings,
>
> Stefan Winter
>
> Am 02.08.2017 um 13:41 schrieb Michael Davis:
>> Thank you, this worked on iOS 9 and iOS 10 by using the MacOS Sierra
>> configuration.
>>
>> thanks
>> mike
>>
>> On 8/2/17 3:56 AM, Stefan Winter wrote:
>>> Hello,
>>>
>>>> We're just starting to explore EAP-TLS on campus and I created a CAT
>>>> profile to test also.
>>>>
>>>> I noticed that iOS CAT profiles (5, 6, and 7+ are listed) don't generate
>>>> TLS installers, is that going to be a limitation for the future, or will
>>>> CAT
>>>> soon support EAP-TLS in iOS 10+ ?
>>> Turning this on is a one-line change. The issue is that we turned it off
>>> on purpose because iOS had issues with it where MacOS X did not:
>>>
>>> Our installers configure the use of EAP-TLS, but do not include the
>>> actual client certificate. This has to get onto the system in a
>>> different way.
>>>
>>> On macOS, when you connect to a Wi-Fi network with EAP-TLS enabled, the
>>> OS will ask you which of your certificates in Keychain should be used
>>> for the access. That's fine.
>>>
>>> On iOS, only in-profile information is used when connecting - and since
>>> the client cert isn't found in-line, this won't work.
>>>
>>> This may have changed recently of course. Feel free to try and download
>>> the macOS installer with an iOS device - it will work there as well. If
>>> you have any success in connecting to eduroam, we can flip the EAP-TLS
>>> support switch for iOS in short notice.
>>>
>>> Greetings,
>>>
>>> Stefan Winter
>>>
>>
>

-- 
Tomasz Wolniewicz    
          
twoln AT umk.pl
        http://www.home.umk.pl/~twoln

Uczelniane Centrum Informatyczne   Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika     Nicolaus Copernicus University,
pl. Rapackiego 1, Torun               pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750     fax: +48-56-622-1850       tel kom.: +48-693-032-576

Attachment: smime.p7s
Description: Kryptograficzna sygnatura S/MIME