The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Tomasz Wolniewicz <twoln AT umk.pl>]

Hi,

W dniu 24.04.2019 o 10:13, NAKAMURA Motonori pisze:
> Hello,
>
> I've just tried to configure my devices with an EAP-TLS profile/CAT,
> and there are some issues.
>
> 0. I added a EAP-TLS item to an existing profile only with EAP-PEAP,
> After that, I want to delete the added EAP-TLS item from the profile
> to separate int two profiles -- EAP-PEAP profile and EAP-TLS profile.
> But I cannot remove the EAP-TLS item from the existing profile. After
> clicking "save data", EAP-TLS appears again...
You mean, you drag TLS to the lower square and save? I have just tested
this on the production CAT and everything went smoothly as expected.
>
> 2. with Windows10 Pro (1809), it works. But the installer requires
> .p12 file on installation. I'd like to use an already installed client
> certificate... (It seems Windows10 automatically finds ID from CN in
> the certificate)

I think that the user experience is better in you require the p12 file.
suppose you want to renew the certificate with the same CN. If the user
just installs the cert first, they will get to choose from two seemingly
identical. There may also be other certs in the system, making user to
select the appropriate one can be hard. I used to have a special setting
for my university, where the system would look for certs with a CN
matching a pattern and automatically using an installed one if it was
found, but again this causes problems with renewing the cert. The
current process actually pins the cert supplied within the p12 file
which is a very good thing.

If you really feel strongly about changing the current behaviour, then
we could discuss the details.

>
> 3. with Android 8.0.0, it does not work. No inquiry to specify a
> client certificate, even if a client certificate has been already
> installed.

This I will leave to Gareth.

Tomasz


>
> Best regards,
> ---
> Motonori NAKAMURA <motonori AT nii.ac.jp>
> National Institute of Informatics/Kyoto University, JAPAN
>
>
> To unsubscribe, send this message:
> mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
> Or use the following link:
> https://lists.geant.org/sympa/sigrequest/cat-users

-- 
Tomasz Wolniewicz    
          twoln AT umk.pl        http://www.home.umk.pl/~twoln

Uczelniane Centrum Informatyczne   Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika     Nicolaus Copernicus University,
pl. Rapackiego 1, Torun               pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750                            tel kom.: +48-693-032-576

Attachment: smime.p7s
Description: Kryptograficzna sygnatura S/MIME