cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Ramazan ARSLAN <ramazanarslan AT duzce.edu.tr>
- To: cat-users AT lists.geant.org
- Subject: [[cat-users]] About Cat Eduroam
- Date: Mon, 9 Jan 2023 16:54:42 +0300 (TRT)
Hello, as Düzce University, we are broadcasting on Cat Eduroam. However, I am getting the following error and MacOS and IOS files are not working because I can't find the solution to the problem. Can you help with the matter?
Good work.
Good work.
Testing from: eduroamTL dk
Connected to Duzce University Server Certificate. elapsed time: 1538 ms. Test partially successful: a bidirectional RADIUS conversation with multiple round-trips was carried out, and ended in an Access-Reject as planned. Some properties of the connection attempt were sub-optimal; the list is below. | ||
It was not possible to determine the TLS version that was used in the EAP exchange. | ||
The certificate chain includes the root CA certificate. This does not serve any useful purpose but inflates the packet exchange, possibly leading to more round-trips and thus slower authentication. | ||
At least one certificate did not contain any BasicConstraints extension; which makes it unclear if it's a CA certificate or end-entity certificate. At least Mac OS X 10.8 (Mountain Lion) will not validate this certificate for EAP purposes! | ||
The extension 'CRL Distribution Point' in the server certificate points to a location where no DER-encoded CRL can be found. Some Operating Systems check certificate validity by consulting the CRL and will fail to validate the certificate. Checking server certificate validity against a CRL will not be possible. | ||
The certificate contained a CN or subjectAltName:DNS which does not parse as a hostname. This can be problematic on some supplicants. If the certificate also contains names which are a proper hostname, and you only use those for your supplicant configuration, then you can safely ignore this notice. | ||
The configured EAP server name matches either the CN or a subjectAltName:DNS of the incoming certificate; best current practice is that the certificate should contain the name in BOTH places. | ||
|
Testing from: eduroamTL nl
Connected to Duzce University Server Certificate. elapsed time: 1491 ms. Test partially successful: a bidirectional RADIUS conversation with multiple round-trips was carried out, and ended in an Access-Reject as planned. Some properties of the connection attempt were sub-optimal; the list is below. | ||
It was not possible to determine the TLS version that was used in the EAP exchange. | ||
The certificate chain includes the root CA certificate. This does not serve any useful purpose but inflates the packet exchange, possibly leading to more round-trips and thus slower authentication. | ||
At least one certificate did not contain any BasicConstraints extension; which makes it unclear if it's a CA certificate or end-entity certificate. At least Mac OS X 10.8 (Mountain Lion) will not validate this certificate for EAP purposes! | ||
The extension 'CRL Distribution Point' in the server certificate points to a location where no DER-encoded CRL can be found. Some Operating Systems check certificate validity by consulting the CRL and will fail to validate the certificate. Checking server certificate validity against a CRL will not be possible. | ||
The certificate contained a CN or subjectAltName:DNS which does not parse as a hostname. This can be problematic on some supplicants. If the certificate also contains names which are a proper hostname, and you only use those for your supplicant configuration, then you can safely ignore this notice. | ||
The configured EAP server name matches either the CN or a subjectAltName:DNS of the incoming certificate; best current practice is that the certificate should contain the name in BOTH places. | ||
|
Mühendis Ramazan ARSLAN Şube Müdürü | ||
0 380 542 11 12 https://bilgiislem.duzce.edu.tr | Düzce Üniversitesi Konuralp Yerleşkesi | |
DUZCE.EDU.TR |
Bu e-posta mesajı ve ekleri gönderildiği kişi ya da kuruma özeldir ve
gizlidir. Ayrıca hukuken de gizli olabilir. Hiçbir şekilde üçüncü kişilere
açıklanamaz ve yayınlanamaz. Mesajın yetkili alıcısı değilseniz hiçbir kısmını
kopyalayamaz, başkasına gönderemez veya hiçbir şekilde kullanamazsınız. Eğer
mesajın yetkili alıcısı veya yetkili alıcısına iletmekten sorumlu kişi siz
değilseniz, lütfen mesajı sisteminizden siliniz ve göndereni uyarınız. Gönderen
ve Düzce Üniversitesi, bu mesajın içerdiği bilgilerin doğruluğu, bütünlüğü ve
güncelliği konusunda bir garanti vermemektedir. Mesajın içeriğinden,
iletilmesinden, alınmasından, saklanmasından, gizliliğinin korunamamasından,
virüs içermesinden ve sisteminizde oluşturabileceği zararlardan Düzce
Üniversitesi sorumlu tutulamaz.
- [[cat-users]] About Cat Eduroam, Ramazan ARSLAN, 01/09/2023
- <Possible follow-up(s)>
- [[cat-users]] About Cat Eduroam, Ramazan ARSLAN, 01/09/2023
- Re: [[cat-users]] About Cat Eduroam, Stefan Winter, 01/09/2023
- [[cat-users]] About Cat Eduroam, Ramazan ARSLAN, 01/09/2023
Archive powered by MHonArc 2.6.19.