cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Jørn Åne de Jong <jornane.dejong AT surf.nl>
- To: cat-users AT lists.geant.org
- Subject: Re: [[cat-users]] Multiple ca certs in catprofile ok?
- Date: Tue, 10 May 2022 09:22:25 +0200
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=surf.nl; dmarc=pass action=none header.from=surf.nl; dkim=pass header.d=surf.nl; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=4lChzaCs46/kU0yItUjjBLDfC45rucZJpKIzz+d9x8Q=; b=F1UqMF2d9NtFmMilyJy9KmE1cEcmsSecRkbuFE+2rX6lPe6zWy4bQViZ+kDMAE8ASBlwIIWvebdP2udcAK344VSGfraAVvuHLbWLL1SEPo9DXJQ0RB2U2Jkbp12UpVFN2ojFf55bc3USg9hv4K5oc7HcDxwtPTnf45erKJ07tXH2sq7yHGN+oaVtPx87RxbE/Mj2J5dIHtLL6ygpMIaHzPOxtgkAFBWPg4AcdwJoXYf2C2VtDCIRNCMUkFqi98ewfn8BfX/UxDaDdXmuGACdDT5epI3BBz/Mc86fJpkXR3ZFQIoBq/+Q/F6zbFbL7YV9+uNFr4j43y4bck4VpkLxwQ==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Vq9iJofjQS6MTHK43nXvUu27vsErSX9quN/Dp5/64eD3JT7AgLeqLGnyGZ45iJH9UVuH1N3bzM7+ZyzKVJRQ4cKghRjcDPDjewh2Z2Q8rME3eDL2QF9+VGSP9PEHz27RDhIsKVXWL8ywaY7yHkoU/Y5Vafy25ZVty6f1xfm0ViveEEybYa3jEhw7aFFzN7SvXAhLutc3ra1qfAosD4BMK44YF49XA84Ept0G4FHIzsad1ebf6IA9vIKG39iw/rAkHiQtdTDhKr5tRe28Kv9IFmwb1lv+oYAIiB46vEwTn3kPAtl9ZjpbN3QogoUmpiFgRVOX1pt1Ja9VZT1YZ/D+mA==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=surf.nl;
On 10/05/2022 08:03, Stevens, Andy wrote:
Hi all,
Are there any known limitation (for example android phones) that devices cannot handle a root cert + 1 or 2 intermidiate certs?
When i read this:
Create a new “permanent” eduroam profile in eduroam CAT, containing only the new root CA certificate. Delete the “migration” eduroam profile.
On:
https://wiki.geant.org/display/H2eduroam/A+guide+to+eduroam+CAT+for+IdP+administrators
<https://wiki.geant.org/display/H2eduroam/A+guide+to+eduroam+CAT+for+IdP+administrators>
It confuse me, why “only the root cert”. I want to put the full chain of CA, without the device cert that come from the radius server anyway.
I read "only the new root CA certificate" as "not containing the old root CA certificate", as the list describes a rollover. I don't think that chapter says anything about intermediate certificates, but these would follow the root CA.
But I agree the text could probably be clarified, because with such a rollover, the whole chain should be replaced, so that would include any intermediates.
- [[cat-users]] Multiple ca certs in catprofile ok?, Stevens, Andy, 05/10/2022
- Re: [[cat-users]] Multiple ca certs in catprofile ok?, Jørn Åne de Jong, 05/10/2022
Archive powered by MHonArc 2.6.19.