cat-users - Re: [[cat-users]] Adding CA to RADIUS/EAP profile is broken

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

  • From: Stefan Winter <stefan.winter AT restena.lu>
  • To: Jakub Jirutka <jakub.jirutka AT fit.cvut.cz>, cat-users AT lists.geant.org
  • Cc: 'Milan Beneš' <milan.benes AT cvut.cz>
  • Subject: Re: [[cat-users]] Adding CA to RADIUS/EAP profile is broken
  • Date: Wed, 17 Mar 2021 12:45:59 +0100

Hello,

for the benefit of the list: we resolved this offline - the issue was
that the uploaded CA was an intermediate, and the profile lacked a root
CA to anchor it in.

We also received suggestions to make the UI clearer in that respect, and
are looking into this.

Greetings,

Stefan Winter

Am 08.03.21 um 20:48 schrieb Jakub Jirutka:
> Hello,
>
> I need to change the CA file in the EAP profile, but it doesn’t work. I’ve
> tried to edit the existing profile, create a new one, upload a file with a single PEM,
> full chain, chain without root, use file upload and URL… but everything
> leads to the same error result.
>
> Steps to reproduce:
>
> 1. On https://cat.eduroam.org/admin/overview_idp.php click on [Edit] in the
> profile box.
> 2. In “EAP Details for this profile”:
> 2.1 remove existing CA Certificate File using [-] button,
> 2.2 click on [Add new option], select “CA Certificate URL” and paste
> https://pki.cesnet.cz/_media/certs/usertrust_rsa_certification_authority.pem.
> 3. Click on [Save data] and you will get result page with:
> Supported EAP Type: PEAP-MSCHAPv2 is missing required information CA
> Certificate File !
> The EAP type was added to the profile, but you need to complete the
> missing information before we can produce installers for you.
> 4. Click on [Continue to dashboard], you will see the following text in the
> profile box: “EAP-MSCHAPv2 Information needed! CA Certificate File”.
> 5. Click on [Edit] again, you will see that the certification file was
> actually correctly parsed, but there’s (I) in a blue circle without any alt
> text or anything next to the [-] button and text box with the parsed
> certificate DN:
> C=US
> ST=New Jersey
> L=Jersey City
> O=The USERTRUST Network
> CN=USERTrust RSA Certification Authority
>
>
> Please fix it ASAP. We had to change the RADIUS certificate today, so users
> have to update their eduroam configuration, but CAT currently doesn’t work
> for them.
>
> Best regards,
> Jakub Jirutka
> FIT CTU in Prague
>
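
The diagnosis in this thread (an intermediate CA uploaded with no root to anchor it) can be checked on a PEM file before upload. The following is an added example, not part of the original e-mails or of CAT's code: a standard-library Python check that reads each certificate's issuer and subject and reports whether a self-issued certificate is present. It compares names only and does not verify signatures; all function names and the constructed sample certificates are assumptions for illustration.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Raw DER issuer and subject Names from a certificate's tbsCertificate."""
    _, pos, _ = read_tlv(der, 0)        # Certificate SEQUENCE
    _, pos, end = read_tlv(der, pos)    # tbsCertificate SEQUENCE
    fields = []
    while pos < end:
        tag, _, nxt = read_tlv(der, pos)
        fields.append((tag, der[pos:nxt]))
        pos = nxt
    if fields[0][0] == 0xA0:            # optional [0] version field
        fields.pop(0)
    return fields[2][1], fields[4][1]   # order: serial, sigAlg, issuer, validity, subject

def check_bundle(pem_bytes):
    """Count self-issued certs (root candidates) and certs whose issuer is absent."""
    names = [issuer_and_subject(base64.b64decode(b)) for b in PEM_RE.findall(pem_bytes)]
    subjects = {subject for _, subject in names}
    roots = sum(1 for issuer, subject in names if issuer == subject)
    missing = sum(1 for i, s in names if i != s and i not in subjects)
    return {"certs": len(names), "roots": roots, "issuer_missing": missing}

# --- Constructed sample data: minimal DER skeletons, not real certificates ---
def tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length, bodies < 128 bytes

def constructed_pem(issuer_cn, subject_cn):
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30,
        tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
               + tlv(0x30, b"") + name(issuer_cn) + tlv(0x30, b"") + name(subject_cn))
    der = tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))
    return b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der) + b"-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    inter = constructed_pem("Example Root CA", "Example Issuing CA")
    root = constructed_pem("Example Root CA", "Example Root CA")
    print(check_bundle(inter), check_bundle(inter + root))
```

A result with `roots` equal to 0 corresponds to the situation described in the reply: the file holds only certificates issued by some other CA, so nothing in it can serve as a trust anchor.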

