Skip to Content.
Sympa Menu

cat-users - [[cat-users]] University of Surrey certificate issues with Android 7 & 8 connecting to Eduroam

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

[[cat-users]] University of Surrey certificate issues with Android 7 & 8 connecting to Eduroam


Chronological Thread 
  • From: <k.markey AT surrey.ac.uk>
  • To: <cat-users AT lists.geant.org>
  • Subject: [[cat-users]] University of Surrey certificate issues with Android 7 & 8 connecting to Eduroam
  • Date: Wed, 27 Sep 2017 13:44:41 +0000
  • Accept-language: en-GB, en-US
  • Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (1024-bit key) header.d=surrey.ac.uk
  • Authentication-results: spf=none (sender IP is ) smtp.mailfrom=k.markey AT surrey.ac.uk;
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

Hi Support,

 

Please can you assist with a certification issue that we’re experiencing at the University of Surrey, with Android versions 7 & 8 connecting to Eduroam.  I’ve read the article below from your help pages, but I would like assistance with configuring this.  Can you advise how this can be done?

CA rollover support

You can upload multiple root CA certificates simultaneously to CAT. On all supported client OSes, all of them will be installed and all will be marked trusted. This enables CA vertificate rollow without a flag day: User devices which were configured with an upcoming new root CA ahead of time will then not even notice the change of server cert from old to new trust root (so long as the Common Name of the server certificate remains unchanged during the rollover).

Almost all CAT-support client operating systems support multiple trust roots. There is only one fraction of CAT-supported client OSes which does not support multiple root CAs: Android versions < 7.1. For those, due to an API limitation we are not able to do anything about, only one root CA will be installed; the API also cannot install any intermediate CAs at all. To isolate Android users while giving everyone else multiple trust roots early,  you could create a different profile (see next section) just for Android and only load the desired root CA into that profile). Android 7.1 finally got its support for multiple trust roots; the eduroamCAT app already supports that

Given the update situation on the Android platform, it is naive to think that the unsupported root CA rollover problem will wither out in anything less than five years.  There is unfortunately nothing we can do about it.

 

Kind Regards,

Kevin.

Kevin Markey

Operations Network Analyst

 

Tel: +44 (0) 1483 682377 

Email: k.markey@surrey.ac.uk

Web: surrey.ac.uk

06AP01 Austin pearce building, University of Surrey, Guildford, Surrey, GU2 7XH, UK

 

 

http://43bc734e13f6ef265bec-003422995f0c8d62f140f93cb947a950.r84.cf3.rackcdn.com/image001-2.png

 

http://43bc734e13f6ef265bec-003422995f0c8d62f140f93cb947a950.r84.cf3.rackcdn.com/good-uni-guide-2.png

Follow the University of Surrey

cid:image002.png@01CFEC63.939337D0 cid:image003.png@01CFEC63.939337D0 cid:image004.png@01CFEC63.939337D0 cid:image005.png@01CFEC63.939337D0 cid:image006.png@01CFEC63.939337D0

 

 

 

 

Kevin Markey

Operations Network Analyst

 

Tel: +44 (0) 1483 682377 

Email: k.markey@surrey.ac.uk

Web: surrey.ac.uk

06AP01 Austin pearce building, University of Surrey, Guildford, Surrey, GU2 7XH, UK

 

 

http://43bc734e13f6ef265bec-003422995f0c8d62f140f93cb947a950.r84.cf3.rackcdn.com/image001-2.png

 

http://43bc734e13f6ef265bec-003422995f0c8d62f140f93cb947a950.r84.cf3.rackcdn.com/good-uni-guide-2.png

Follow the University of Surrey

cid:image002.png@01CFEC63.939337D0 cid:image003.png@01CFEC63.939337D0 cid:image004.png@01CFEC63.939337D0 cid:image005.png@01CFEC63.939337D0 cid:image006.png@01CFEC63.939337D0

 

 




Archive powered by MHonArc 2.6.19.

Top of Page