The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Robert Franklin <rcf34 AT cam.ac.uk>]

Hello,


> On 10 Sep 2019, at 13:38, Stefan Paetow <Stefan.Paetow AT jisc.ac.uk> wrote:
> 
> Apologies if the question has been asked before (I've searched the archives 
> and only found one instance from April this year that doesn't really answer 
> the question): One of our institutions has to update its RADIUS 
> certificates (including CA root), and as such, they now need to update 
> their CAT tool to include both sets of certificates to allow for a smooth 
> transition.
> 
> Does CAT support this? If yes, that's good and I'll have to look at the 
> interface (I don't have any organisations in CAT to look), if no, what is 
> the advice for this scenario?
> 
> I'd usually ask my colleague who's been around eduroam a lot longer (you 
> know him ;)), but he's on leave, so I'm frantically paddling in deep water 
> with this one ;-)
> 
> Thanks very much in advance.

We plan to do this by setting up a new certificate in advance and allowing 
the supplicant device to select the new one by using a new outer identity.  
Once the new one is set up, we tell people to install the CAT again to switch 
over, during an overlap period.  It's described here:

https://help.uis.cam.ac.uk/service/wi-fi/other#server-selection

... one advantage of this solution over using multiple certs in the CAT 
because you can tell how the supplicant device is configured (and who hasn't 
updated).


I say "plan" because we brought this system in at the start of the year and 
haven't tried a rollover with it, yet!  However, it works with the two 
options we've set up so far.

  - Bob


-- 
Bob Franklin   rcf34 AT cam.ac.uk / (+44 1223 7) 48479
Networks, University Information Services, University of Cambridge