The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Stefan Winter <stefan.winter AT restena.lu>]

Hello,

hate to rain on your parade an extra bit, but I found a second relevant
issue:

your RADIUS server only sends its own server certificate, but not the
intermediate CA.

Android API only allows us to install the root CA into the device. So:
we can't configure it upfront, and you don't send it at connection time
- so the device will not be able to make the link between the server
cert and the root; path validation will fail.

The solution is then of course to make the RADIUS server send the
intermediate CA cert along with the server cert.

This is a second, independent issue - please also correct the one
regarding server names. Only fixing both makes the connection issues go
away.

Out of curiosity, at least this "intermediate only if pre-configured"
scenario should be shown as a warning in CAT UI when you select the
"realm check" feature. Is it not?

Greetings,

Stefan Winter

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature