cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

Re: [[cat-users]] FW: eduroam CAT authentication (Ref:IN:00216824)

From: Alan Buxey <alan.buxey AT gmail.com>
To: eduroam CAT Feedback <cat-users AT lists.geant.org>
Subject: Re: [[cat-users]] FW: eduroam CAT authentication (Ref:IN:00216824)
Date: Mon, 23 Oct 2017 20:06:44 +0100
Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com

hi,

eduroamCAT only supports particular (ie recent) versions of Android.
So long as the devices not working match that requirement, then the
common cause
of problem is that your Android devices dont have the require
intermediate certs installed - the eduroamCAT tool will installs the
root cert (if its not present)
but your RADIUS server SHOULD be sending the entire chain (local cert,
intermediates) and not just the local cert. (in fact, there are some
random devices out
there that like the root cert to be sent out too but they are slowly
disappearing as people get rid of pretty old kit).

your root appears to be SHA1 - its 2017 - any new deployments should
really be starting with SHA256 (and those with older SHA1 roots,
think about upgrading :) )

alan

PS the original message should have been trimmed to the minimum ;-)

RE: [[cat-users]] FW: eduroam CAT authentication (Ref:IN:00216824), Martyn Bratt, 10/20/2017
- Re: [[cat-users]] FW: eduroam CAT authentication (Ref:IN:00216824), Stefan Winter, 10/23/2017
  - Re: [[cat-users]] FW: eduroam CAT authentication (Ref:IN:00216824), Alan Buxey, 10/23/2017
    - Re: [[cat-users]] FW: eduroam CAT authentication (Ref:IN:00216824), Stefan Winter, 10/24/2017
  - RE: [[cat-users]] FW: eduroam CAT authentication (Ref:IN:00216824), Martyn Bratt, 10/25/2017
    - Re: [[cat-users]] FW: eduroam CAT authentication (Ref:IN:00216824), Stefan Winter, 10/25/2017