Skip to Content.

cat-users - Re: [[cat-users]] New root certificate issue ?

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive


Re: [[cat-users]] New root certificate issue ?


Chronological Thread 
    < Chronological >      < Thread >
  • From: Tomasz Wolniewicz <twoln AT umk.pl>
  • To: cat-users AT lists.geant.org
  • Subject: Re: [[cat-users]] New root certificate issue ?
  • Date: Wed, 27 Jan 2021 17:55:45 +0100
  • Dkim-filter: OpenDKIM Filter v2.11.0 outgoing.umk.pl EC6BE2008C
The trust is based on two factors the root CA certificate and the CN of
the server certificate. If either of these needs to be changed you are
forced to reinstall.  This is why many institutions decide to their own
CA and be in full control over server certificates. The downside of this
solution is that the installer is required to add the local root
certificate to the client certificate store. This sometimes requires
special privileges.

Cheers

Tomasz Wolniewicz

W dniu 27.01.2021 o 16:54, GINISTY Benoit pisze:
> Hello,
>
> We're using cat from years, now.
>
> Our authority certification has changed, so I added them in the
> configuration interface of the cat software.
>
> When I setup my new radius certificate issued from my new root-ca, it
> seems all my client with old cat software release (old root-ca) can't
> connect anymore. Clients  are simply ignoring authentication request,
> cause it's not coming with the good certificate.
>
> My radius conf is ok, cause when connecting from a device set up
> manually (without cat.eduroam) it works fine.
>
> Did I miss something wrong in the cat.eduroam config ?
>
> Am I forced to re-install all clients with new release of cat.eduroam
> because my root-ca has changed ? Is there a way to prevent this to
> happen again if my authority certification will change again in few
> years ?
>
>
> All ideas are welcomed ;-)
>
> Kind regards,
>
> Benoit.
>
> To unsubscribe, send this message:
> mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
> Or use the following link:
> https://lists.geant.org/sympa/sigrequest/cat-users

--
Tomasz Wolniewicz
twoln AT umk.pl http://www.home.umk.pl/~twoln

Uniwersteckie Centrum Informatyczne Information&Communication Technology
Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University,
pl. Rapackiego 1, Torun pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750 tel kom.: +48-693-032-576


Attachment: smime.p7s
Description: Kryptograficzna sygnatura S/MIME


Archive powered by MHonArc 2.6.19.

Top of Page