cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Pierluigi Checchi <pierluigi.checchi AT polimi.it>
- To: Stefan Winter <stefan.winter AT restena.lu>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
- Subject: RE: [[cat-users]] cat.eduroam.org TLS iOS
- Date: Thu, 31 Jan 2019 08:38:02 +0000
- Accept-language: it-IT, en-US
- Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (1024-bit key) header.d=polimi365.onmicrosoft.com
- Authentication-results: spf=none (sender IP is ) smtp.mailfrom=pierluigi.checchi AT polimi.it;
Hi Stefan,
I am asked the certificate to use for eduroam and can successfully connect
(using a .mobileconfig profile for OSX and a certificate installed from our
website). The main things to note is:
- I am on the last iOS
- Your certificate is just another profile on iOS
- Once you associate the cert with an ssid (i.e. eduroam or our local EAP-TLS
prolimi-protected SSID) you cannot "forget" that ssid and you have just to
remove the profile
- You end having two profiles on iOS: one is the certificate, one is the
profile containing ssids etc.
I am sending screenshots of the entire procedure on a separate private email
to you.
Thank you,
PC
---
Pierluigi CHECCHI
Politecnico di Milano
Area Servizi ICT - Servizio Gestione Rete dati-fonia
Piazza Leonardo da Vinci, 32 - 20133 Milano - Italy
Tel: +39 02 2399 2356
Mobile: +39 3473532996
pierluigi.checchi AT polimi.it
-----Original Message-----
From: Stefan Winter <stefan.winter AT restena.lu>
Sent: Thursday, January 31, 2019 8:31 AM
To: Pierluigi Checchi <pierluigi.checchi AT polimi.it>; cat-users AT lists.geant.org
Subject: Re: [[cat-users]] cat.eduroam.org TLS iOS
Hello,
> we created a cat profile containing only EAP-TLS as an authentication
> method.
>
> The “installer” (a .mobileconfig Apple profile) seems to be
> unavailable to download for iOS devices.
>
> That’ strange because the same profile, available to download from
> cat, for Apple OSX, if installed on iOS is 100% compatible with iOS
> and useful to autoconfigure iOS iPads or iPhone.
>
> Can you make it available also for iOS users or I am missing something?
This was done intentionally at the time.
iOS can download a TLS profile and install it just fine.
However, the profiles naturally do not contain an actual client certificate.
Earlier versions of iOS we tested were unable to associate a
already-installed TLS client certificate (i.e. imported as a stand-alone
.p12 file) with the newly installed Wi-Fi profile. This rendered the entire
installation process pointless.
What you write above seems to imply that things have changed? Did you
actually *use* the Wi-Fi profile with a pre-installed client certificate and
did that work? How does the initial connection dialog look like, if any? Are
you asked about the client certificate, or will it just pick the (one and
only) client cert it finds in the device?
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche 2, avenue de l'Université
L-4365 Esch-sur-Alzette
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's
key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
- [[cat-users]] cat.eduroam.org TLS iOS, Pierluigi Checchi, 01/30/2019
- Re: [[cat-users]] cat.eduroam.org TLS iOS, Stefan Winter, 01/31/2019
- Re: [[cat-users]] cat.eduroam.org TLS iOS, Tomasz Wolniewicz, 01/31/2019
- Re: [[cat-users]] cat.eduroam.org TLS iOS, Stefan Winter, 01/31/2019
- RE: [[cat-users]] cat.eduroam.org TLS iOS, Pierluigi Checchi, 01/31/2019
- Re: [[cat-users]] cat.eduroam.org TLS iOS, Tomasz Wolniewicz, 01/31/2019
- Re: [[cat-users]] cat.eduroam.org TLS iOS, Stefan Winter, 01/31/2019
Archive powered by MHonArc 2.6.19.