Skip to Content.

cat-users - Re: [[cat-users]] Multiple ca certs in catprofile ok?

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive


Re: [[cat-users]] Multiple ca certs in catprofile ok?


Chronological Thread 
    < Chronological >      < Thread >
  • From: Jørn Åne de Jong <jornane.dejong AT surf.nl>
  • To: cat-users AT lists.geant.org
  • Subject: Re: [[cat-users]] Multiple ca certs in catprofile ok?
  • Date: Tue, 10 May 2022 09:22:25 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=surf.nl; dmarc=pass action=none header.from=surf.nl; dkim=pass header.d=surf.nl; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=4lChzaCs46/kU0yItUjjBLDfC45rucZJpKIzz+d9x8Q=; b=F1UqMF2d9NtFmMilyJy9KmE1cEcmsSecRkbuFE+2rX6lPe6zWy4bQViZ+kDMAE8ASBlwIIWvebdP2udcAK344VSGfraAVvuHLbWLL1SEPo9DXJQ0RB2U2Jkbp12UpVFN2ojFf55bc3USg9hv4K5oc7HcDxwtPTnf45erKJ07tXH2sq7yHGN+oaVtPx87RxbE/Mj2J5dIHtLL6ygpMIaHzPOxtgkAFBWPg4AcdwJoXYf2C2VtDCIRNCMUkFqi98ewfn8BfX/UxDaDdXmuGACdDT5epI3BBz/Mc86fJpkXR3ZFQIoBq/+Q/F6zbFbL7YV9+uNFr4j43y4bck4VpkLxwQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Vq9iJofjQS6MTHK43nXvUu27vsErSX9quN/Dp5/64eD3JT7AgLeqLGnyGZ45iJH9UVuH1N3bzM7+ZyzKVJRQ4cKghRjcDPDjewh2Z2Q8rME3eDL2QF9+VGSP9PEHz27RDhIsKVXWL8ywaY7yHkoU/Y5Vafy25ZVty6f1xfm0ViveEEybYa3jEhw7aFFzN7SvXAhLutc3ra1qfAosD4BMK44YF49XA84Ept0G4FHIzsad1ebf6IA9vIKG39iw/rAkHiQtdTDhKr5tRe28Kv9IFmwb1lv+oYAIiB46vEwTn3kPAtl9ZjpbN3QogoUmpiFgRVOX1pt1Ja9VZT1YZ/D+mA==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=surf.nl;
On 10/05/2022 08:03, Stevens, Andy wrote:
Hi all,

Are there any known limitation (for example android phones) that devices cannot handle a root cert + 1 or 2 intermidiate certs?

When i read this:

Create a new “permanent” eduroam profile in eduroam CAT, containing only the new root CA certificate. Delete the “migration” eduroam profile.

On:

https://wiki.geant.org/display/H2eduroam/A+guide+to+eduroam+CAT+for+IdP+administrators

<https://wiki.geant.org/display/H2eduroam/A+guide+to+eduroam+CAT+for+IdP+administrators>

It confuse me, why “only the root cert”. I want to put the full chain of CA, without the device cert that come from the radius server anyway.

I read "only the new root CA certificate" as "not containing the old root CA certificate", as the list describes a rollover. I don't think that chapter says anything about intermediate certificates, but these would follow the root CA.

But I agree the text could probably be clarified, because with such a rollover, the whole chain should be replaced, so that would include any intermediates.

Archive powered by MHonArc 2.6.19.

Top of Page