Skip to Content.

cat-users - [[cat-users]] Multiple root certificates on Android

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive


[[cat-users]] Multiple root certificates on Android


Chronological Thread 
    < Chronological >      < Thread >
  • From: "Haynes, Jonathan" <j.haynes AT cranfield.ac.uk>
  • To: "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
  • Subject: [[cat-users]] Multiple root certificates on Android
  • Date: Tue, 24 Sep 2019 14:23:05 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cranfield.ac.uk; dmarc=pass action=none header.from=cranfield.ac.uk; dkim=pass header.d=cranfield.ac.uk; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=K5ZdvXqZ69UH5qrmKalTTyZTTA9p50y6Uhs2SyPafBY=; b=T7ou3273XxKUayKJAuhEgg384ZJoAAESbMKOcR+iJnBPjFFBSKnsSN67CJ+ZFa/om8JWSiKAzuaIntkvU+xuTv5aBVkwbmnExpeFbMN5VM/CCfamhGVhCp5BmbGTsP5zwpx7hr7+steLQ3d6gyPPF9DX9K8RNYJU9rH69mS0FPohiL7ZmtXAJhC17Ba3f1RCgw+BWQykuZqmeyfWPVP+raUlYtzrdBWIFA3H2BS/SHwm20opJyabU6AzY5KohsyIaHQKgOAeMNDe8I03kxIy8f9Rs8fjz0KSjDko2HFcLA+VCgntJK2asMs//3HxPboEG5nc4TsgJrTnKHdEDDcn2Q==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fgSq90fj8Wggc0KEFKXXbzZNWifblibiQ4nZEiFMd0Sp/N2SqRoHpSc1wlMSHM46MmpOMP6uHNhKJ7/CxHeoY0Ac2ipzqyCTf/TzV4/st4BumfoFwrbvvnN96vVQIP5BhwAFcccryvL1WqcI+1IwkjoxKa0/qC7LnAfRAJf4AEzV1WoK2/ExYLQbIXKN1fV884slmjSzvmmN9PDfMN3kgGspyIJY6Vfvqcu6zFTUcrBpwK0j/7rQgftDR7tQLTpxBxzK9F+OZYX3GNEVMm526FWpebhmIN290B9Yd6qj3TsQOMlJbNJvtaaZ2o0j2xLUHHKIOnUlh7nMMhjnoGlfuw==
I have just reread
https://wiki.geant.org/display/H2eduroam/A+guide+to+eduroam+CAT+for+institution+administrators#AguidetoeduroamCATforinstitutionadministrators-Note3-CArolloversupport
and realised I have missed something. It says 'You can upload multiple root
CA certificates simultaneously to CAT. On all supported client OSes, all of
them will be installed and all will be marked trusted.' It also says that
Android versions < 7.1 do not support this. As I have a device running
Android 8.0.0 I thought this should work OK but two certificates do not get
installed. Having reread that page however I see it also says 'Android 7.1
finally got its support for multiple trust roots; the eduroamCAT app will
support that in a *future* update.' (my emphasis)

My question therefore - is there a timescale for the version when this will
be supported?

As a second question - is there a way of knowing which certificate will be
installed if I do have both defined to eduroam CAT? At the moment it is
installing what is currently the 'wrong' certificate. Can I define them to
CAT in such a way that I know Android will install the other certificates. I
do see that both certificates (and an intermediate needed by one of the
roots) are defined in the eap-config file created by the tool.

Thanks in advance

--
---------------------------------------------------------------------------------------------------------
Jonathan Haynes
Senior Network Specialist

IT Department,
Tel: 01234 754205
Bld 63, e-mail:
J.Haynes AT Cranfield.ac.uk
Cranfield University,
Cranfield,
Beds, MK43 0AL


Archive powered by MHonArc 2.6.19.

Top of Page