Skip to Content.

cat-users - Re: [[cat-users]] Multiple root certificates on Android

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive


Re: [[cat-users]] Multiple root certificates on Android


Chronological Thread 
    < Chronological >      < Thread >
  • From: Alex Sharaz <alex.sharaz AT york.ac.uk>
  • To: "Haynes, Jonathan" <j.haynes AT cranfield.ac.uk>
  • Cc: "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
  • Subject: Re: [[cat-users]] Multiple root certificates on Android
  • Date: Tue, 24 Sep 2019 15:37:03 +0100
And I've just been pestering the Cloudpath people for this functionality in their appliance.

Yes you can define multiple trusted certs and CA chains  on their appliance

No it won't work for Android
Yes it'll work for .mobileconfig  configurations ( read Apple)
No it won't work with their XpressConnect app :-( 

Apparently multiple CA chains in Android 1st quarter 2020, don't know about  the app yet :-(

Rgds
Alex


On Tue, 24 Sep 2019 at 15:25, Haynes, Jonathan <j.haynes AT cranfield.ac.uk> wrote:
I have just reread https://wiki.geant.org/display/H2eduroam/A+guide+to+eduroam+CAT+for+institution+administrators#AguidetoeduroamCATforinstitutionadministrators-Note3-CArolloversupport and realised I have missed something. It says  'You can upload multiple root CA certificates simultaneously to CAT. On all supported client OSes, all of them will be installed and all will be marked trusted.' It also says that Android versions < 7.1 do not support this. As I have a device running Android 8.0.0 I thought this should work OK but two certificates do not get installed.  Having reread that page however I see it also says 'Android 7.1 finally got its support for multiple trust roots; the eduroamCAT app will support that in a *future* update.' (my emphasis)

My question therefore - is there a timescale for the version when this will be supported?

As a second question - is there a way of knowing which certificate will be installed if I do have both defined to eduroam CAT?  At the moment it is installing what is currently the 'wrong' certificate. Can I define them to CAT in such a way that I know Android will install the other certificates. I do see that both certificates (and an intermediate needed by one of the roots) are defined in the eap-config file created by the tool.

Thanks in advance

--
---------------------------------------------------------------------------------------------------------
                                    Jonathan Haynes
                           Senior Network Specialist

IT Department,                                                                       Tel: 01234 754205
Bld 63,                                                         e-mail: J.Haynes AT Cranfield.ac.uk
Cranfield University,
Cranfield,
Beds, MK43 0AL

To unsubscribe, send this message: mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
Or use the following link: https://lists.geant.org/sympa/sigrequest/cat-users

Archive powered by MHonArc 2.6.19.

Top of Page