The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Stefan Winter <stefan.winter AT restena.lu>]

Hello,

> Thanks for the reply. 
> 
> We are listed on https://cat.eduroam.org. Currently we are testing the 
> tool. 
> 
> The question I have is : Which CA files I need to upload in to tool.
> 
> Our Server certificate is from https://www.thawte.com/. I have uploaded CA 
> certificates from this site. When it comes to authentication on the server 
> its rejecting. 
> 
> I thought there is something in the tool I have misconfigured. Could you 
> help us?

There are many CA certificate in Thwate's portfolio.

You only need to upload

a) the (one) root CA certificate that issued your server cert
b) optionally, but recommended, all the intermediate CAs that make up
the certification path from said root CA to your server cert.

If you'd post the "Subject" part of your server cert (or send the entire
thing, please WITHOUT the private key of course) then it's fairly simple
to look up which CAs you need.

Even though I'm surprised you weren't given those certificates on the
same download page that gave you the server cert itself - all these
belong together.

Greetings,

Stefan Winter

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature