Skip to Content.
Sympa Menu

cat-users - Re: [[cat-users]] CatInstaller University of Basel - no certs get installed

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

Re: [[cat-users]] CatInstaller University of Basel - no certs get installed


Chronological Thread 
  • From: Martin Pauly <pauly AT hrz.uni-marburg.de>
  • To: cat-users AT lists.geant.org
  • Subject: Re: [[cat-users]] CatInstaller University of Basel - no certs get installed
  • Date: Wed, 6 Oct 2021 13:47:38 +0200

Hi,

W dniu 05.10.2021 o 12:07, Thorsten Fritsch pisze:
we have reports from several Linux users (ie. Ubuntu 18.0.4, Linux
Mint 20.1) that the Certificates no longer get installed when
running the CAT Installer. In our case the QuoVadis Certs are not
to be found in /etc/ssl/certs after running the installer.

Could it be related to the recent upgrade to CAT 2.0.4 ?

On 05.10.21 18:09, Tomasz Wolniewicz wrote:
AT never installed certificates to the main store. It copies it to
.cat_installer in user's home directory and points the NetworkManager
to this location. It has always been like that. This way we do not
interfere with the trust settings for anything else then this
particular network profile.

I just had to (remotely) support an Ubuntu 20.04 from another German
university this morning.
Basically, it works for standard installs of the Debian/Ubuntu family.
technically, it's as simple as Tomasz'
description.
The most common issues are:
1. make the installer script executable after download
AFAIK this has to be done via CLI because GNOME 3 simply removed this item
from the file properties dialog
2. You have to call python2 where modern installs usually default to python3
Not really sure about the last one, though.
@ Stefan, Tomasz: Would it make sense to add a popup hint (like the one used
with .ONC e.g.)
for the Linux installer mentioning these details?

OTOH, from all graphical supplicant interfaces, Network Manager's is the best
by far (compare it to
the nightmarish Windows dialogs...)
So if you happen to auth against a public CA, configuring things manually
really is no big deal.
IMO, the only glitch is to call the Outer Identity "Anonymous Identity", this
is a bit misleading.

Cheers, Martin

--
Dr. Martin Pauly Phone: +49-6421-28-23527
HRZ Univ. Marburg Fax: +49-6421-28-26994
Hans-Meerwein-Str. E-Mail: pauly AT HRZ.Uni-Marburg.DE
D-35032 Marburg

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature




Archive powered by MHonArc 2.6.19.

Top of Page