cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: "[MK] Mikael Klintorp" <mk AT eg-gym.dk>
- To: list <cat-users AT lists.geant.org>
- Subject: [[cat-users]] Certificate revocation problem
- Date: Fri, 16 Nov 2018 10:52:41 +0000
- Accept-language: da-DK, en-US
- Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (1024-bit key) header.d=eggym.onmicrosoft.com
- Authentication-results: spf=none (sender IP is ) smtp.mailfrom=mk AT eg-gym.dk;
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
Hi,
My users are no longer able to log on to foreign eduroam networks. When I
test user logon from the Realm Check option on the CAT administration site an
error concerning certificate revocation comes op:
The extension 'CRL Distribution Point' in the server certificate points to a
location where no DER-encoded CRL can be found. Some Operating Systems check
certificate validity by consulting the CRL and will fail to validate the
certificate. Checking server certificate validity against a CRL will not be
possible.
Strange, because the URL in the CRL Distribution Point section
(http://www.eg-gym.dk/cert/EspergaerdeGymnasiumAndHF-CA.crl) is up-to-date
and functional as far as I can test.
The Realm Check itself has always failed for our domain, but we have been
able to logon to other eduroam WiFi's nevertheless. I have no idea when it
stopped working (my users are not very communicative). At home everything
works fine for both guests and local users.
Any ideas?
Best Regards
Mikael Klintorp
Espergærde Gymnasium og HF
Attachment:
CrlError.jpg
Description: CrlError.jpg
Attachment:
RealmCheckError.jpg
Description: RealmCheckError.jpg
Attachment:
eduroamCertificate.zip
Description: eduroamCertificate.zip
- [[cat-users]] Certificate revocation problem, [MK] Mikael Klintorp, 11/16/2018
- Re: [[cat-users]] Certificate revocation problem, Stefan Winter, 11/16/2018
Archive powered by MHonArc 2.6.19.