cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Tomasz Wolniewicz <twoln AT umk.pl>
- To: Jan Reister <Jan.Reister AT unimi.it>, cat-users AT lists.geant.org
- Cc: Claudio Lori <claudio.lori AT unimi.it>
- Subject: Re: [[cat-users]] unverified profile on iOS 13 + TERENA certificate
- Date: Mon, 3 Feb 2020 14:52:02 +0100
- Autocrypt: addr=twoln AT umk.pl; prefer-encrypt=mutual; keydata= mQENBEvhYBEBCADIlSk8hnUtSfZ1hLbuqiUxTiBtm65lM6OlxjYnWEsH/boOsVS/WdFZebwK 53eg280UcX9VDjFjy5rimsknCvxabnxk13AF//t9mN9tq5MmIkIcRIpLrtqc8Q0s0E84cNzB bDMtRzAd7JUTmKyAnkKE9i2R9FJKzeR9TTeKtBdgXHtUKPHPGOdxUUv8UWKxsj9AYi2CgN98 jiWLx6lTIpaWegWxIyih7WUKSf43Bpi6wFxhfOxteLyQUpIlGg4CasTVGpFsha8KzlupXOLG Tl3hXtQFWvE0tl1GidvTyuQlOzsZ1vjTNEzI25VTkOIgP4IYcWSkP74p/a239ZcTOHhZABEB AAG0IFRvbWFzeiBXb2xuaWV3aWN6IDx0d29sbkB1bWsucGw+iQE4BBMBAgAiBQJL4WARAhsD BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRA8PEwxkb+lPgkeB/9NAGlmopLel6EEDFz2 ra3KLBx8kXT3G1K/YYyrjDwNjCkAmm0evzQx8g9vPX2OzvE6Ai2Xi9hPd2K/ShPFPcgJzzjr h9H1XYfBb2N/tRwN9tb4XO5i9Tsa4jP+SG8h2yQY57QOeFy16joDmIZiZrAEIGpqqSV24PrX FSo2d1E4dMswqDXlEYk9hwbdW9H4zOQrnDZeRlRx/RW/cmWTd8r5C12dKhlT/D/fBkL3eYT7 rnjHtS+ArnMUsxu2Z/q6bmxqRyv4Vn4pR0n699iLa0ol2hWeQJFaZyTA7JksW8zWu/Zasd9K Dw3jM59vs/SXVdG8pMexAzH5jmEEAgwYwUbVuQENBEvhYBEBCACgAz/z7VTnCsPSBUrjCLyS j+eRtr2tQzSU48Qa5hOcIxAKQJQNgOOqs0Mq9fT9lV+OttaYyKtijt1+G2dVMETVFkdZmM0c g8pVJp398993v89U/iwjfvNoqCM/9z312Poha/oL/EOk+gWYxZbyQ18SY69va2WHr6Pl3bzR 6BQpb86W85MreQ2lxd76b6BgjOXA/b39YyU/fMeFQd+wDpT3K1fUr89dYRnyzQIxTBSPOMLQ ShHKc/S8dStbNlLNcnaiyBOsH4A7b6IizQGqyVHBeL7u05X0/ZVdEIgsO3NmQouqY0/WjBdV qg4EsI1VvvgwXKWafP1MryLy4ZcnNjQZABEBAAGJAR8EGAECAAkFAkvhYBECGwwACgkQPDxM MZG/pT6lUQf8DC3i15okq3VycbpTYuH6f1lQkqanMS0z4z8F6xtCeXq0DBFk0ZzAU/mCwc3V PdUVGtRKGjouSAB1HDeTvAth1vY0oOJG3kXBwkcui3QxM3sxksNCRLLwcZVnsK9rt6UVp5aG qBwKf44BSApGyHNuKDhCfMCQHueqlfhJYfXocw6KDObvTkwygHLmw93ohV66v26yNvGo6+q2 qTDykGyuicACPDTyJTWFh2IwwZFAdzcc7St8aKkXFk0zWvoriWHeTLUnuFw7HN640IJkG74a 4NGco2yPc7Cz6q59rgE9xydOOXRdmnfiuJu0kQvQocD1rVLjW3qXdnxPd2/FhO4vWg==
- Openpgp: preference=signencrypt
Hi,
cat-test is really for testing new software versions, so we did not
pay enough attention to have the signing certs in order, but we will do
that, thnk you for reporting.
To do what you want to test now I would suggest that you use the
production CAT and create a new profile with production-ready flag set
to off. This profile can then have you new certificate. It will not be
visible to your users but as the admin you will be able to download the
installers in their final form and test them.
Tomasz
W dniu 03.02.2020 o 12:02, Jan Reister pisze:
> Hello list,
>
> we are using cat-test.eduroam.org to test a new certificate issued by
> DigiCert and TERENA. We plan to deploy the new certificate soon as the
> existing cert on cat.eduroam.org for our university is expiring.
>
> The deployment via cat-test of the certificate on iOS fails as the
> profile is "unverified". Profile details show two signing certificates,
> one valid by TERENA, and another by GEANT which is *expired*.
>
> See attached pics.
>
> We extracted certificates from the .mobileconfig file and verified that
> the certificate chain is correct.
>
> $ openssl verify -verbose -CAfile RootCAFile -untrusted
> IntermediateCAFile CertificateFile
> $ CertificateFile: OK
>
> We can't find any reference to the GEANT signature on the certificate
> chain.
> Looks like the .mobileconfig generator on cat-test works correctly.
> Somehow seems that iOS picks up the GEANT signing certificate which is
> expired, and ignores the TERENA signing certificate.
>
> We tried turning it off and on again(R), to no avail :-)
>
> Do you have any idea why is this happening?
>
> Thank you for your attention,
>
> Jan and Claudio
--
Tomasz Wolniewicz
twoln AT umk.pl http://www.home.umk.pl/~twoln
Uczelniane Centrum Informatyczne Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University,
pl. Rapackiego 1, Torun pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750 fax: +48-56-622-1850 tel kom.: +48-693-032-576
Attachment:
smime.p7s
Description: Kryptograficzna sygnatura S/MIME
- [[cat-users]] unverified profile on iOS 13 + TERENA certificate, Jan Reister, 02/03/2020
- Re: [[cat-users]] unverified profile on iOS 13 + TERENA certificate, Tomasz Wolniewicz, 02/03/2020
- Re: [[cat-users]] unverified profile on iOS 13 + TERENA certificate, Claudio Lori, 02/03/2020
- Re: [[cat-users]] unverified profile on iOS 13 + TERENA certificate, Tomasz Wolniewicz, 02/03/2020
Archive powered by MHonArc 2.6.19.