Skip to Content.

cat-users - RE: [[cat-users]] Windows hates me

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive


RE: [[cat-users]] Windows hates me


Chronological Thread 
    < Chronological >      < Thread >
  • From: "Dean, Barry" <bvd AT liverpool.ac.uk>
  • To: 'Tomasz Wolniewicz' <twoln AT umk.pl>, "'cat-users AT lists.geant.org'" <cat-users AT lists.geant.org>
  • Subject: RE: [[cat-users]] Windows hates me
  • Date: Wed, 13 Jul 2022 12:50:16 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=liverpool.ac.uk; dmarc=pass action=none header.from=liverpool.ac.uk; dkim=pass header.d=liverpool.ac.uk; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pJhDEmC2hdlyqO6VIx62K/Hbgjijq3cXOnjtc06kWPA=; b=AcnmMBTc24Hak8f2brxGKx3yeRCqWsGlsa2OnGBwnxbHf0qBoUHl1vS/eRsar07ldAXzQsxJMGdMfKn+FW/UcTADdvTWlGHvNVOr8+lStv3R36zH3wmIz8Ll71h1ImXb+N0nqhwe6qvJA1zqiHyC218rTHKGpT2H99HrNdsW+KSsbGQanHHX4Ncbe11Nr+niFWTCkQdAq0CAHeIwpIaXcxccwVBQhgiKoYwJU21Z9V3q0LsOqXbJU+g7ZE7uqil2LkVEs8/38Zil078NcUi43dKgTF7Pt+f3G5DaQ/0+QvTaqKy+FCZT7gSiyH15Umd0Le4Bw4MORzkxt3hBTLALtg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=UgrMnNQL9A2zIYeNdMxmQIjIp8yIzObLVT8A0G6HGaKK0mLsDktfpE1KOWJf6+IVICydXEdjaTrI80rI2Q6TbZvmLerxlzbfvLhSq61D9yZ6g05mesb3szdxq7qkDtsJzz/RgmUeSxa8O37hDLXJ+qZNf7JOA4lgtZBGNjfquGruA4Lh+lsH6oSJ+SCl3sqyRpmtepOebtd0WaZ87pyy9U+MXBwE7Lg0Hm/xx4DVxQygxEJCBjP8v4bDLqQ8Lxw6dzqal39l8/28mYc9rn3gOouoxAEd2J3zd8gR6DplhvZZ+C5UHnYD8WdY2/0FHEeAdghw8eAhLD8xLd4s/0fEVg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=liverpool.ac.uk;

Yes, we fixed it in the end. There are two “USERTRUST” certs out there that look very, very similar. But on closer inspection, one is a Root CA and one is an Intermediate.

 

The problem with certificates is the software we have to manage them. It ranges from the rubbish to the “meh, it kinda works”.

 

--

Barry Dean BSc (Hons) (He/Him)

Network Services Team Leader

IT Services

University of Liverpool

https://liverpool.ac.uk/

UoL - Logo - CMYK - small

 

From: Tomasz Wolniewicz <twoln AT umk.pl>
Sent: 13 July 2022 10:40
To: Dean, Barry <bvd AT liverpool.ac.uk>; 'cat-users AT lists.geant.org' <cat-users AT lists.geant.org>
Subject: Re: [[cat-users]] Windows hates me

 

The situation today may be different from the moment it was reported. But now all looks just fine. The fingerprint in the installed profile is what it is expected to be, i.e. matches the certs which are attached to the profile.

Cheers

Tomasz

 

W dniu 14.06.2022 o 12:31, "Dean, Barry" (via cat-users Mailing List) pisze:

So today was the big switchover day to a new radius cert signed by a new root CA.

 

All OSes tested work with the CAT tool. Except Windows.

 

The profile has the Intermediate and Root Cas in it and the name of the radius server it is authenticating.

 

In the Windows XML profile the thumbprint in the “TrustedCA” tag, is set to one I can’t find anywhere!

 

When we change it to the fingerprint of the new radius server cert, it all works.

 

Why does that profile work everywhere on all OSes, and is different on Windows 10!

 

Thanks

 

Barry Dean BSc (Hons) (He/Him)

Network Services Team Leader

Network Services Team

IT Services

 Start a Teams Chat with Barry Dean

 

University of Liverpool I IT Services I Brownlow Hill I Liverpool I L69 3GG
Tel: 0151 795 9540

 

 

-- 
Tomasz Wolniewicz    
          twoln AT umk.pl        http://www.home.umk.pl/~twoln
 
Uniwersyteckie Centrum Informatyczne   Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika         Nicolaus Copernicus University,
pl. Rapackiego 1, Torun                pl. Rapackiego 1, Torun, Poland
            tel: +48-56-611-2750; tel kom.: +48-693-032-576

Archive powered by MHonArc 2.6.19.

Top of Page