cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
[[cat-users]] University of Surrey certificate issues with Android 7 & 8 connecting to Eduroam
Chronological Thread
- From: <k.markey AT surrey.ac.uk>
- To: <cat-users AT lists.geant.org>
- Subject: [[cat-users]] University of Surrey certificate issues with Android 7 & 8 connecting to Eduroam
- Date: Wed, 27 Sep 2017 13:44:41 +0000
- Accept-language: en-GB, en-US
- Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (1024-bit key) header.d=surrey.ac.uk
- Authentication-results: spf=none (sender IP is ) smtp.mailfrom=k.markey AT surrey.ac.uk;
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
|
Hi Support,
Please can you assist with a certification issue that we’re experiencing at the University of Surrey, with Android versions 7 & 8 connecting to Eduroam. I’ve read the article below from your help pages, but I would like assistance with configuring this. Can you advise how this can be done? CA rollover support You can upload multiple root CA certificates simultaneously to CAT. On all supported client OSes, all of them will be installed and all will be marked trusted. This enables CA vertificate rollow without a flag day: User devices which were configured with an upcoming new root CA ahead of time will then not even notice the change of server cert from old to new trust root (so long as the Common Name of the server certificate remains unchanged during the rollover). Almost all CAT-support client operating systems support multiple trust roots. There is only one fraction of CAT-supported client OSes which does not support multiple root CAs: Android versions < 7.1. For those, due to an API limitation we are not able to do anything about, only one root CA will be installed; the API also cannot install any intermediate CAs at all. To isolate Android users while giving everyone else multiple trust roots early, you could create a different profile (see next section) just for Android and only load the desired root CA into that profile). Android 7.1 finally got its support for multiple trust roots; the eduroamCAT app already supports that Given the update situation on the Android platform, it is naive to think that the unsupported root CA rollover problem will wither out in anything less than five years. There is unfortunately nothing we can do about it.
Kind Regards, Kevin. Kevin Markey Operations Network Analyst
Tel: +44 (0) 1483 682377 Email: k.markey@surrey.ac.uk Web: surrey.ac.uk 06AP01 Austin pearce building, University of Surrey, Guildford, Surrey, GU2 7XH, UK
Kevin Markey Operations Network Analyst
Tel: +44 (0) 1483 682377 Email: k.markey@surrey.ac.uk Web: surrey.ac.uk 06AP01 Austin pearce building, University of Surrey, Guildford, Surrey, GU2 7XH, UK
|
- [[cat-users]] University of Surrey certificate issues with Android 7 & 8 connecting to Eduroam, k.markey, 09/27/2017
- Re: [[cat-users]] University of Surrey certificate issues with Android 7 & 8 connecting to Eduroam, Stefan Winter, 09/27/2017
Archive powered by MHonArc 2.6.19.