The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Ramazan ARSLAN <ramazanarslan AT duzce.edu.tr>]

Hello, as Düzce University, we are broadcasting on Cat Eduroam. However, I am getting the following error and MacOS and IOS files are not working because I can't find the solution to the problem. Can you help with the matter?
Good work.

Testing from: eduroamTL dk

	Connected to Duzce University Server Certificate. elapsed time: 1538 ms. Test partially successful: a bidirectional RADIUS conversation with multiple round-trips was carried out, and ended in an Access-Reject as planned. Some properties of the connection attempt were sub-optimal; the list is below.
		It was not possible to determine the TLS version that was used in the EAP exchange.
		The certificate chain includes the root CA certificate. This does not serve any useful purpose but inflates the packet exchange, possibly leading to more round-trips and thus slower authentication.
		At least one certificate did not contain any BasicConstraints extension; which makes it unclear if it's a CA certificate or end-entity certificate. At least Mac OS X 10.8 (Mountain Lion) will not validate this certificate for EAP purposes!
		The extension 'CRL Distribution Point' in the server certificate points to a location where no DER-encoded CRL can be found. Some Operating Systems check certificate validity by consulting the CRL and will fail to validate the certificate. Checking server certificate validity against a CRL will not be possible.
		The certificate contained a CN or subjectAltName:DNS which does not parse as a hostname. This can be problematic on some supplicants. If the certificate also contains names which are a proper hostname, and you only use those for your supplicant configuration, then you can safely ignore this notice.
		The configured EAP server name matches either the CN or a subjectAltName:DNS of the incoming certificate; best current practice is that the certificate should contain the name in BOTH places.
	Subject: emailAddress=eduroam AT duzce.edu.tr,CN=Duzce University Server Certificate,O=Duzce University,ST=Duzce,C=TR Issuer: CN=Duzce University Eduoam Certificate Authority,emailAddress=eduroam AT duzce.edu.tr,O=Duzce University,L=Merkez,ST=Duzce,C=TR Valid from: Monday, 19-Dec-2022 11:20:12 GMT Valid to: Tuesday, 07-Jan-2025 11:20:12 GMT Serial number: 1 (0x1) SHA1 fingerprint: 4fad3191d849435c4ddc69e0116c001f1929924c Extensions extendedKeyUsage: TLS Web Server Authentication crlDistributionPoints: Full Name: URI:http://www.example.com/example_ca.crl certificatePolicies: Policy: 1.3.6.1.4.1.40808.1.3.2

Testing from: eduroamTL nl

	Connected to Duzce University Server Certificate. elapsed time: 1491 ms. Test partially successful: a bidirectional RADIUS conversation with multiple round-trips was carried out, and ended in an Access-Reject as planned. Some properties of the connection attempt were sub-optimal; the list is below.
		It was not possible to determine the TLS version that was used in the EAP exchange.
		The certificate chain includes the root CA certificate. This does not serve any useful purpose but inflates the packet exchange, possibly leading to more round-trips and thus slower authentication.
		At least one certificate did not contain any BasicConstraints extension; which makes it unclear if it's a CA certificate or end-entity certificate. At least Mac OS X 10.8 (Mountain Lion) will not validate this certificate for EAP purposes!
		The extension 'CRL Distribution Point' in the server certificate points to a location where no DER-encoded CRL can be found. Some Operating Systems check certificate validity by consulting the CRL and will fail to validate the certificate. Checking server certificate validity against a CRL will not be possible.
		The certificate contained a CN or subjectAltName:DNS which does not parse as a hostname. This can be problematic on some supplicants. If the certificate also contains names which are a proper hostname, and you only use those for your supplicant configuration, then you can safely ignore this notice.
		The configured EAP server name matches either the CN or a subjectAltName:DNS of the incoming certificate; best current practice is that the certificate should contain the name in BOTH places.
	Subject: emailAddress=eduroam AT duzce.edu.tr,CN=Duzce University Server Certificate,O=Duzce University,ST=Duzce,C=TR Issuer: CN=Duzce University Eduoam Certificate Authority,emailAddress=eduroam AT duzce.edu.tr,O=Duzce University,L=Merkez,ST=Duzce,C=TR Valid from: Monday, 19-Dec-2022 11:20:12 GMT Valid to: Tuesday, 07-Jan-2025 11:20:12 GMT Serial number: 1 (0x1) SHA1 fingerprint: 4fad3191d849435c4ddc69e0116c001f1929924c Extensions extendedKeyUsage: TLS Web Server Authentication crlDistributionPoints: Full Name: URI:http://www.example.com/example_ca.crl certificatePolicies: Policy: 1.3.6.1.4.1.40808.1.3.2

	Mühendis Ramazan ARSLAN Şube Müdürü
0 380 542 11 12 ramazanarslan AT duzce.edu.tr https://bilgiislem.duzce.edu.tr	Düzce Üniversitesi Konuralp Yerleşkesi Düzce University Konuralp Campus 81620 DÜZCE - TÜRKİYE
DUZCE.EDU.TR

Bu e-posta mesajı ve ekleri gönderildiği kişi ya da kuruma özeldir ve gizlidir. Ayrıca hukuken de gizli olabilir. Hiçbir şekilde üçüncü kişilere açıklanamaz ve yayınlanamaz. Mesajın yetkili alıcısı değilseniz hiçbir kısmını kopyalayamaz, başkasına gönderemez veya hiçbir şekilde kullanamazsınız. Eğer mesajın yetkili alıcısı veya yetkili alıcısına iletmekten sorumlu kişi siz değilseniz, lütfen mesajı sisteminizden siliniz ve göndereni uyarınız. Gönderen ve Düzce Üniversitesi, bu mesajın içerdiği bilgilerin doğruluğu, bütünlüğü ve güncelliği konusunda bir garanti vermemektedir. Mesajın içeriğinden, iletilmesinden, alınmasından, saklanmasından, gizliliğinin korunamamasından, virüs içermesinden ve sisteminizde oluşturabileceği zararlardan Düzce Üniversitesi sorumlu tutulamaz.