The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Gheorghiță Butnaru <gheorghita.butnaru AT staff.tuiasi.ro>]

Hello,

We want to start using CAT in our university but I encountered some problems with Android phones (tried on 9 and 10).
I can manually connect without validating the certificate or by selecting "use system certificate" and manually add the FQDN of the radius server but when I'm trying to use CAT it doesn't work.

Radius log:
(150) eap_peap: Continuing EAP-TLS
(150) eap_peap: Peer indicated complete TLS record size will be 7 bytes
(150) eap_peap: Got complete TLS record (7 bytes)
(150) eap_peap: [eaptls verify] = length included
(150) eap_peap: <<< recv TLS 1.2  [length 0002]
(150) eap_peap: ERROR: TLS Alert read:fatal:unknown CA
(150) eap_peap: TLS_accept: Need to read more data: error
(150) eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read): error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
(150) eap_peap: TLS - In Handshake Phase
(150) eap_peap: TLS - Application data.
(150) eap_peap: ERROR: TLS failed during operation
(150) eap_peap: ERROR: [eaptls process] = fail
(150) eap: ERROR: Failed continuing EAP PEAP (25) session.  EAP sub-module failed
(150) eap: Sending EAP Failure (code 4) ID 79 length 4
(150) eap: Failed in EAP select
(150)     [eap] = invalid
(150)   } # authenticate = invalid
(150) Failed to authenticate the user
(150) Using Post-Auth-Type Reject

I am using a certificate from Sectigo (via GEANT) and I tried to include both intermediates and the root in the CAT config without luck.

Works without any problems on Linux and Windows 7/10.

Any ideas?

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature