The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[NAKAMURA Motonori <motonori AT nii.ac.jp>]

Dear Tomasz,

Thank you for the answers. I confirmed that the issue #0 is caused by 
Microsoft Edge Browser... I can drop the EAP-TLS item by using Chrome!

I also understand that it would be better to specify .p12 file on 
installation in most situation (with a client certificate only for 
eduroam). But I would be happy if there is an option to specify an 
installed certificate in case a user want to chose (with a client 
certificate which is also used for other purposes) to avoid duplicated 
certificate installation procedures...

Best regards,
- motonori

On 2019/04/24 17:33, Tomasz Wolniewicz wrote:
> Hi,
>
> W dniu 24.04.2019 o 10:13, NAKAMURA Motonori pisze:
> > Hello,
> >
> > I've just tried to configure my devices with an EAP-TLS profile/CAT,
> > and there are some issues.
> >
> > 0. I added a EAP-TLS item to an existing profile only with EAP-PEAP,
> > After that, I want to delete the added EAP-TLS item from the profile
> > to separate int two profiles -- EAP-PEAP profile and EAP-TLS profile.
> > But I cannot remove the EAP-TLS item from the existing profile. After
> > clicking "save data", EAP-TLS appears again...
> You mean, you drag TLS to the lower square and save? I have just tested
> this on the production CAT and everything went smoothly as expected.
> > 2. with Windows10 Pro (1809), it works. But the installer requires
> > .p12 file on installation. I'd like to use an already installed client
> > certificate... (It seems Windows10 automatically finds ID from CN in
> > the certificate)
>
> I think that the user experience is better in you require the p12 file.
> suppose you want to renew the certificate with the same CN. If the user
> just installs the cert first, they will get to choose from two seemingly
> identical. There may also be other certs in the system, making user to
> select the appropriate one can be hard. I used to have a special setting
> for my university, where the system would look for certs with a CN
> matching a pattern and automatically using an installed one if it was
> found, but again this causes problems with renewing the cert. The
> current process actually pins the cert supplied within the p12 file
> which is a very good thing.
>
> If you really feel strongly about changing the current behaviour, then
> we could discuss the details.
>
> > 3. with Android 8.0.0, it does not work. No inquiry to specify a
> > client certificate, even if a client certificate has been already
> > installed.
>
> This I will leave to Gareth.
>
> Tomasz
>
>
> > Best regards,
> > ---
> > Motonori NAKAMURA <motonori AT nii.ac.jp>
> > National Institute of Informatics/Kyoto University, JAPAN
> >
> >
> > To unsubscribe, send this message:
> > mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
> > Or use the following link:
> > https://lists.geant.org/sympa/sigrequest/cat-users