cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Michael Davis <davis AT udel.edu>
- To: eduroam CAT Feedback <cat-users AT lists.geant.org>
- Subject: Re: [[cat-users]] EAP-TLS CAT support for iOS 10
- Date: Wed, 2 Aug 2017 08:16:44 -0400
- Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (2048-bit key) header.d=udel-edu.20150623.gappssmtp.com
Ignore my previous message, I understand now what you're saying, iOS
either uses the client cert profile, or the CAT eduroam profile, but not
both. The MacOS CAT program worked to install the CAT eduroam profile,
but then the phone didn't use it and gave me an untrusted authentication
server warning when connecting with the client cert.
On 8/2/17 7:55 AM, Stefan Winter wrote:
Hi,
that's great to hear. Did it not work on iOS 8, or did you not test that?
Also, how did you get the client cert onto the device? The two variants
I know of are that you create a profile containing only that client
cert, or that you import the DER encoded file by tapping on it - it will
then show up in "Settings -> Profiles" as if it were part of a profile,
even if it isn't.
Greetings,
Stefan Winter
Am 02.08.2017 um 13:41 schrieb Michael Davis:
Thank you, this worked on iOS 9 and iOS 10 by using the MacOS Sierra
configuration.
thanks
mike
On 8/2/17 3:56 AM, Stefan Winter wrote:
Hello,
We're just starting to explore EAP-TLS on campus and I created a CATTurning this on is a one-line change. The issue is that we turned it off
profile to test also.
I noticed that iOS CAT profiles (5, 6, and 7+ are listed) don't generate
TLS installers, is that going to be a limitation for the future, or will
CAT
soon support EAP-TLS in iOS 10+ ?
on purpose because iOS had issues with it where MacOS X did not:
Our installers configure the use of EAP-TLS, but do not include the
actual client certificate. This has to get onto the system in a
different way.
On macOS, when you connect to a Wi-Fi network with EAP-TLS enabled, the
OS will ask you which of your certificates in Keychain should be used
for the access. That's fine.
On iOS, only in-profile information is used when connecting - and since
the client cert isn't found in-line, this won't work.
This may have changed recently of course. Feel free to try and download
the macOS installer with an iOS device - it will work there as well. If
you have any success in connecting to eduroam, we can flip the EAP-TLS
support switch for iOS in short notice.
Greetings,
Stefan Winter
- Re: [[cat-users]] EAP-TLS CAT support for iOS 10, Stefan Winter, 08/02/2017
- Re: [[cat-users]] EAP-TLS CAT support for iOS 10, Michael Davis, 08/02/2017
- Re: [[cat-users]] EAP-TLS CAT support for iOS 10, Stefan Winter, 08/02/2017
- Re: [[cat-users]] EAP-TLS CAT support for iOS 10, Tomasz Wolniewicz, 08/02/2017
- Re: [[cat-users]] EAP-TLS CAT support for iOS 10, Michael Davis, 08/02/2017
- Re: [[cat-users]] EAP-TLS CAT support for iOS 10, Stefan Winter, 08/02/2017
- Re: [[cat-users]] EAP-TLS CAT support for iOS 10, Michael Davis, 08/02/2017
Archive powered by MHonArc 2.6.19.