cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
- From: Lukas Wringer <Lukas.Wringer AT rz.uni-augsburg.de>
- To: cat-users AT lists.geant.org
- Subject: Re: [[cat-users]] eduroam and certificates
- Date: Fri, 13 Aug 2021 16:02:09 +0200
- Organization: Universitaet Augsburg
Hi,
this is more a problem of the (alt)subject_match entry than the certificates, as you configure the CA, not the server's certificate.
Depending on the operating system you can use a list of possible servers or match a domain and it will work. I am not sure if CAT allows something like this though...
On Windows you could also remove a specific setting, so the user would get a warning about the wrong server name but could connect anyway - which I strongly advise against!
Greetings, Lukas
On 13.08.21 at 15:29, Patrick Oberli wrote:
Hello all
I’m currently wondering something about eduroam, PEAP and several radius servers. Our CA really doesn’t like to provide one certificate with multiple hostnames, destined for several radius servers.
I think I once tested this in the past, but I’m not sure. Assuming each radius server has a separate certificate only with its own hostname in the CN and Subj-Alt-Name, will the clients need to accept each single certificate, depending on which radius server the request is sent to by the Wi-Fi controller?
This is assuming the user connected by selecting the right SSID on his device, entering his username/password and then accepting the shown certificate. My assumption is yes, but I’m no longer entirely sure. Or does the operating system only check the domain and root CA (I think Android does that) if it’s the same today? So various certificates with the same domain from the same CA would not cause a certificate accept pop-up?
Kind regards
ICT - IT-Infrastructure
Netzwerk- und Multimediateam
Patrick Oberli
Tel direkt: +41 58 257 4958
Email: patrick.oberli AT ost.ch <mailto:patrick.oberli AT ost.ch>
OST – Ostschweizer Fachhochschule
ICT Information & Communication Technology |Oberseestrasse 10 | 8640 Rapperswil | Switzerland | https://www.ost.ch
OST – Ostschweizer Fachhochschule is the merger of HSR Rapperswil, FHS St.Gallen and NTB Buchs.
--
Lukas Wringer
Universität Augsburg
Rechenzentrum
Service & Support
86135 Augsburg
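Added example (not part of the original message, and not CAT or operating system code): a simplified Python model of the check described in the reply above, where the profile pins the CA and then matches either a list of server names or a domain. The CA names, hostnames and certificates are constructed sample data, and the matching rules are an assumption about how a supplicant behaves, not any vendor's implementation.

```python
# Added illustration: a simplified model of supplicant-side server validation.
# All certificates, CA names and hostnames below are constructed sample data.

TRUSTED_CA = "Constructed Campus CA"

CERTS = {
    "radius1": {"issuer": TRUSTED_CA, "san_dns": ["radius1.example.org"]},
    "radius2": {"issuer": TRUSTED_CA, "san_dns": ["radius2.example.org"]},
    # Same CA, but issued for a different organisation's name.
    "foreign": {"issuer": TRUSTED_CA, "san_dns": ["radius.example.net"]},
    # Right name, but chained to a CA the profile does not trust.
    "other_ca": {"issuer": "Constructed Other CA", "san_dns": ["radius1.example.org"]},
}

def suffix_match(name, suffix):
    """Match whole DNS labels only: example.org matches a.example.org, not xexample.org."""
    name, suffix = name.lower().rstrip("."), suffix.lower().rstrip(".")
    return name == suffix or name.endswith("." + suffix)

def accepts(cert, ca, names=None, suffix=None):
    """Return True if a profile (trusted CA plus optional name rules) accepts cert."""
    if cert["issuer"] != ca:
        return False                      # chain does not end at the configured CA
    if names is None and suffix is None:
        return True                       # CA-only profile: no server name check at all
    for san in cert["san_dns"]:
        if names and san.lower() in {n.lower() for n in names}:
            return True
        if suffix and suffix_match(san, suffix):
            return True
    return False

PROFILES = {
    "single name": {"names": ["radius1.example.org"]},
    "name list": {"names": ["radius1.example.org", "radius2.example.org"]},
    "domain suffix": {"suffix": "example.org"},
    "CA only": {},
}

def evaluate():
    """Map each profile to the set of sample certificates it accepts."""
    return {p: {c for c, cert in CERTS.items() if accepts(cert, TRUSTED_CA, **rule)}
            for p, rule in PROFILES.items()}

if __name__ == "__main__":
    for profile, accepted in evaluate().items():
        print(f"{profile:14} accepts {sorted(accepted)}")
```

In this model only the name-list and domain-suffix profiles accept both per-server certificates while still rejecting the certificate issued for another name by the same CA.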