
cat-users - Re: [[cat-users]] Multiple CA - Android

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

Re: [[cat-users]] Multiple CA - Android


  • From: Andrea Delise <delise AT sissa.it>
  • To: Paul Dekkers <paul.dekkers AT surf.nl>, patrick.oberli AT ost.ch
  • Cc: cat-users AT lists.geant.org
  • Subject: Re: [[cat-users]] Multiple CA - Android
  • Date: Mon, 7 Dec 2020 12:03:19 +0100
  • Dkim-filter: OpenDKIM Filter v2.11.0 smtp.sissa.it 0892B1652

Hi Paul and Patrick, thanks for your replies.

On 07/12/20 09:04, Paul Dekkers wrote:

> I had a hypothesis that the error showed up because of installing a private
> CA; I see your current CA is from DigiCert: what are you planning to replace
> it with? If that’s a self-signed CA, my hypothesis could still stand. If it’s
> Sectigo instead of DigiCert, it could still be that my unlock pattern is
> perceived stronger by Android than a pin-code (with a particular length:
> related to the requirement for Exchange servers too).

I have managed to get a test wifi with the new certificate. The CA I was adding to DigiCert was Sectigo. But the testing device was kindly provided by a colleague, so I couldn't perform many tests. And I couldn't play much with its security configuration, sorry... The device (a Samsung A40) was using a pattern lock, I tried to switch it to PIN lock (I do not remember the PIN length).

I could get my hands on another Samsung Android device in a couple of days; in that case I'll let you know.

> I’m also very curious if on this particular device and profile the
> “geteduroam” App works for you. (The plan is to suggest geteduroam for
> Android 8+ instead of the existing eduroam CAT app, and it may or may not
> solve the problem: but that’s important to know.) We paid attention to, and
> did test, multiple CAs. And it consumes the eduroam CAT profiles just fine.

Do you refer to the Samsung lock problem, or to the multiple CA installation? Is the geteduroam app available for all eduroam institutions?

As for the multiple CAs, which is my main concern now, my fear is that CAT installs the correct CA file with both CAs, but some Android devices refuse to look further than the first CA in the file. My main question remains: what are the community statistics about installation and usage of multiple CAs on Android < 10? Am I the unlucky guy?

I read the documentation more carefully, and it says:

> Android 7.1 finally got its support for multiple trust roots; the eduroamCAT app will support that in a future update.

What is the current state of the app? Is it supported? In my tests it looks like it is working, but only for Android >= 10...

I'm planning to try installing the certificate manually to iron out CAT problems... Shame I didn't think about it when I was in the office, now I'm home...

Best regards,

Andrea Delise








