cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Jakub Jirutka <jakub.jirutka AT fit.cvut.cz>
- To: cat-users AT lists.geant.org
- Cc: 'Milan Beneš' <milan.benes AT cvut.cz>
- Subject: [[cat-users]] Adding CA to RADIUS/EAP profile is broken
- Date: Mon, 8 Mar 2021 20:48:21 +0100
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=fit.cvut.cz; dmarc=pass action=none header.from=fit.cvut.cz; dkim=pass header.d=fit.cvut.cz; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=a2T4UgIHsXvGUjQiufMhssG6xKX6rOaZZ2f4L7CF2xE=; b=UUQMXhSnLO4XK8AoDa7ZsW3IxpMUgqHCwVh2I8HL2sxSD/8kI/dEIMOCoLFsB+9b38I30Z9+rtpAG20Phs8WkpLexD/hl7u1d9tin5zGjnUwW+HS0tiP9gYoq6UggnGa4URHoSx2zOEaOxPnM9O/p7E2Y8lwgrQXlkzhrmkGMOWgDAprwiBIMv6eFnw2F7kLSkY9lFhZga29dmWGgbn7rMnkOSeBd0apb8c8DFMl8eLNqSKMv8+kUlkCnX+sAe4qKHM7HUifQi+3+Mde/Icsdh6wFj59vnACz9DF73hMokJXXVgMXxK98k6gzbTQEB+RXXtV5vX/hrfJELeYj0sEPw==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Q3yFvBYbmLs8A8MIdl400IMS45CzG0SpqYzw0G2zO764qqsvWgh8R6rH1Qi8YvUVs3mpiFZFUEQY2HLjWd2IyyOFZSi7dqpSSeGXiyggEOcjIC9Dke42Z8yhq84KdrBxbI7YnD6kokwrRaG3DHUnmUosUNtUDzh688ttnXCTFXwZstirSSpgY/VIxHudT/iK12MXf5qczrJaEjRHx1tY7AfLqOIeQIvlihCH+6SmMeTHM05Enhdl3r7rDuGomOE5aRczj4aAG5QBiynEBKDLJ5X8sJ0Su7Ep5jGq6y6uSP5JyrCuergy/SCLBQQUnXcGmr+lMrMPkbiku9KeP2n9Kw==
- Authentication-results: cvut.cz; dkim=none (message not signed) header.d=none;cvut.cz; dmarc=none action=none header.from=fit.cvut.cz;
Hello,
I need to change CA file in the EAP profile, but it doesn’t work. I’ve tried
edit existing profile, create a new one, upload file with single PEM, full
chain, chain without root, use file upload and URL… but everything leads to
the same error result.
Steps to reproduce:
1. On https://cat.eduroam.org/admin/overview_idp.php click on [Edit] in the
profile box.
2. In “EAP Details for this profile”:
2.1 remove existing CA Certificate File using [-] button,
2.2 click on [Add new option], select “CA Certificate URL” and paste
https://pki.cesnet.cz/_media/certs/usertrust_rsa_certification_authority.pem.
3. Click on [Save data] and you will get result page with:
Supported EAP Type: PEAP-MSCHAPv2 is missing required information CA
Certificate File !
The EAP type was added to the profile, but you need to complete the
missing information before we can produce installers for you.
4. Click on [Continue to dashboard], you will see the following text in the
profile box: “EAP-MSCHAPv2 Information needed! CA Certificate File”.
5. Click on [Edit] again, you will see that the certification file was
actually correctly parsed, but there’s (I) in a blue circle without any alt
text or anything next to the [-] button and text box with the parsed
certificate DN:
C=US
ST=New Jersey
L=Jersey City
O=The USERTRUST Network
CN=USERTrust RSA Certification Authority
Please fix it ASAP. We had to change the RADIUS certificate today, so users
have to update their eduroam configuration, but CAT currently doesn’t work
for them.
Best regards,
Jakub Jirutka
FIT CTU in Prague
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
- [[cat-users]] Adding CA to RADIUS/EAP profile is broken, Jakub Jirutka, 03/08/2021
- Re: [[cat-users]] Adding CA to RADIUS/EAP profile is broken, Stefan Winter, 03/17/2021
Archive powered by MHonArc 2.6.19.