cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
Re: [[cat-users]] University of Surrey certificate issues with Android 7 & 8 connecting to Eduroam
Chronological Thread
- From: Stefan Winter <stefan.winter AT restena.lu>
- To: k.markey AT surrey.ac.uk, cat-users AT lists.geant.org
- Subject: Re: [[cat-users]] University of Surrey certificate issues with Android 7 & 8 connecting to Eduroam
- Date: Wed, 27 Sep 2017 15:55:51 +0200
- Openpgp: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Hello,
well, to be honest, much of the strategy to do this is in the text you
quoted.
What specifically do you need help with?
Greetings,
Stefan Winter
Am 27.09.2017 um 15:44 schrieb
k.markey AT surrey.ac.uk:
> Hi Support,
>
>
>
> Please can you assist with a certification issue that we’re experiencing
> at the University of Surrey, with Android versions 7 & 8 connecting to
> Eduroam. I’ve read the article below from your help pages, but I would
> like assistance with configuring this. Can you advise how this can be done?
>
> *CA rollover support*
>
> You can upload multiple root CA certificates simultaneously to CAT. On
> all supported client OSes, all of them will be installed and all will be
> marked trusted. This enables CA vertificate rollow without a flag day:
> User devices which were configured with an upcoming new root CA ahead of
> time will then not even notice the change of server cert from old to new
> trust root (so long as the Common Name of the server certificate remains
> unchanged during the rollover).
>
> Almost all CAT-support client operating systems support multiple trust
> roots. There is only one fraction of CAT-supported client OSes which
> does not support multiple root CAs: Android versions < 7.1. For those,
> due to an API limitation we are not able to do anything about, only one
> root CA will be installed; the API also cannot install any intermediate
> CAs at all. To isolate Android users while giving everyone else multiple
> trust roots early, you could create a different profile (see next
> section) just for Android and only load the desired root CA into that
> profile). Android 7.1 finally got its support for multiple trust roots;
> the eduroamCAT app already supports that
>
> Given the update situation on the Android platform, it is naive to think
> that the unsupported root CA rollover problem will wither out in
> anything less than five years. There is unfortunately nothing we can do
> about it.
>
>
>
> Kind Regards,
>
> Kevin.
>
> Kevin Markey
>
> Operations Network Analyst
>
>
>
> Tel: +44 (0) 1483 682377
>
> Email:
> k.markey AT surrey.ac.uk
> <mailto:@surrey.ac.uk>
>
> Web: surrey.ac.uk
> <http://www.surrey.ac.uk/?utm_medium=internal&utm_source=emailsignature&utm_campaign=reputation+50th+brand>
>
> 06AP01 Austin pearce building, University of Surrey, Guildford, Surrey,
> GU2 7XH, UK
>
>
>
>
>
> http://43bc734e13f6ef265bec-003422995f0c8d62f140f93cb947a950.r84.cf3.rackcdn.com/image001-2.png
> <http://www.surrey.ac.uk/?utm_medium=internal&utm_source=emailsignature&utm_campaign=reputation+50th+brand>
>
>
>
> http://43bc734e13f6ef265bec-003422995f0c8d62f140f93cb947a950.r84.cf3.rackcdn.com/good-uni-guide-2.png
>
>
>
> Follow the University of Surrey
>
> cid:image002.png AT 01CFEC63.939337D0
> <http://bit.ly/1pjtrrk> cid:image003.png AT 01CFEC63.939337D0
> <http://on.fb.me/1xY68sf> cid:image004.png AT 01CFEC63.939337D0
> <http://bit.ly/1wgOL6T> cid:image005.png AT 01CFEC63.939337D0
> <http://bit.ly/ZxiXOa> cid:image006.png AT 01CFEC63.939337D0
> <http://bit.ly/1CuWVIG>
>
>
>
>
>
>
>
>
>
> Kevin Markey
>
> Operations Network Analyst
>
>
>
> Tel: +44 (0) 1483 682377
>
> Email:
> k.markey AT surrey.ac.uk
> <mailto:@surrey.ac.uk>
>
> Web: surrey.ac.uk
> <http://www.surrey.ac.uk/?utm_medium=internal&utm_source=emailsignature&utm_campaign=reputation+50th+brand>
>
> 06AP01 Austin pearce building, University of Surrey, Guildford, Surrey,
> GU2 7XH, UK
>
>
>
>
>
> http://43bc734e13f6ef265bec-003422995f0c8d62f140f93cb947a950.r84.cf3.rackcdn.com/image001-2.png
> <http://www.surrey.ac.uk/?utm_medium=internal&utm_source=emailsignature&utm_campaign=reputation+50th+brand>
>
>
>
> http://43bc734e13f6ef265bec-003422995f0c8d62f140f93cb947a950.r84.cf3.rackcdn.com/good-uni-guide-2.png
>
>
>
> Follow the University of Surrey
>
> cid:image002.png AT 01CFEC63.939337D0
> <http://bit.ly/1pjtrrk> cid:image003.png AT 01CFEC63.939337D0
> <http://on.fb.me/1xY68sf> cid:image004.png AT 01CFEC63.939337D0
> <http://bit.ly/1wgOL6T> cid:image005.png AT 01CFEC63.939337D0
> <http://bit.ly/ZxiXOa> cid:image006.png AT 01CFEC63.939337D0
> <http://bit.ly/1CuWVIG>
>
>
>
>
>
> To unsubscribe, send this message:
> mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
> Or use the following link:
> https://lists.geant.org/sympa/sigrequest/cat-users
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Attachment:
0x8A39DC66.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature
- [[cat-users]] University of Surrey certificate issues with Android 7 & 8 connecting to Eduroam, k.markey, 09/27/2017
- Re: [[cat-users]] University of Surrey certificate issues with Android 7 & 8 connecting to Eduroam, Stefan Winter, 09/27/2017
Archive powered by MHonArc 2.6.19.