The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Jose Nunez <jose.nunez AT externos.rediris.es>]

Hi Alicia!

we are going to investigate this off-list.

Regards.

The eduroamES team

---

De: "Acero Fernandez, Alicia" <alicia.acero AT ciemat.es>
Para: "cat-users" <cat-users AT lists.geant.org>
Enviados: Miércoles, 12 de Marzo 2025 10:52:34
Asunto: [[cat-users]] eduroam profile error

Hello,

 

I am the cat eduroam admin of “Centro de Investigaciones Energéticas, Medioambientales y Tecnológicas-CIEMAT”. I have introduced my user credentials to test the profile of my institution and, in spite of getting a successful authentication, some errors appear, what can i do to solve them?

I don´t find any guide about cat eduroam administration. Could you provide me some information, please?.

 

Thank you in advance.

Regards.

Alicia Acero

 

 

 

------------------------

Probando desde: eduroamTL dk

PEAP-MSCHAPv2 – tiempo transcurrido: 938 ms.

Conectado a lms.ciemat.es. Prueba FALLIDA: autenticación correcta. Se han encontrado algunos errores de configuración. La lista está a continuación.
	El servidor no soporta las versiones TLS más modernas TLSv1.2 o TLSv1.3. Los sistemas operativos de los clientes modernos pueden rechazar autentificarse contra el servidor.
	Al menos un certificado no contenía ninguna extensión BasicConstraint, lo que hace dificil saber si es un certificado de CA (raíz) o no. Al menos Mac OS X 10.8 (Mountain Lion) no validará este certificado para EAP por este motivo.
	¡El certificado de servidor no pudo verificarse con el CA raíz que configuraste en tu perfil!
	¡El nombre de servidor EAP no coincide con ninguno de los nombres configurados en tu perfil!
	Detalles del certificado de servidor: Asunto: CN=lms.ciemat.es Emisor: CN=HARICA DV TLS RSA,O=Hellenic Academic and Research Institutions CA,C=GR Válido desde: Thursday, 27-Feb-2025 09:31:37 GMT Válido hasta: Friday, 27-Feb-2026 09:31:37 GMT Número de serie: 28834524573490044657982410341023083243 (0x7FFFFFFFFFFFFFFF) Firma digital SHA1: aa290530c2b5aa57ac5dcd84a9621e00a4920dec Public key length 2048 Extensiones authorityKeyIdentifier: 0A:88:AB:BC:8B:F0:F5:4A:EC:61:44:50:40:44:C1:87:66:DE:DE:51 authorityInfoAccess: CA Issuers - URI:http://crt.harica.gr/HARICA-DV-TLS-Sub-R1.cer OCSP - URI:http://ocsp.harica.gr subjectAltName: DNS:lms.ciemat.es, DNS:www.lms.ciemat.es certificatePolicies: Policy: 2.23.140.1.2.1 Policy: 0.4.0.2042.1.6 Policy: 1.3.6.1.4.1.26513.1.1.1.1 extendedKeyUsage: TLS Web Client Authentication, TLS Web Server Authentication crlDistributionPoints: Full Name: URI:http://crl.harica.gr/HARICA-DV-TLS-Sub-R1.crl subjectKeyIdentifier: A4:CE:9E:3A:EF:F7:EC:65:75:D2:6D:DE:9D:4E:39:5B:1A:0B:4E:8D keyUsage: Digital Signature, Key Encipherment ct_precert_scts: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 25:2F:94:C2:2B:29:E9:6E:9F:41:1A:72:07:2B:69:5C: 5B:52:FF:97:A9:0D:25:40:BB:FC:DC:51:EC:4D:EE:0B Timestamp : Feb 27 09:41:39.177 2025 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:31:8B:C4:DE:A2:2B:99:71:A8:D2:BE:65: 25:AE:A4:D3:02:E5:E6:7F:FF:47:BA:BD:87:D0:67:E5: B3:ED:92:E2:02:20:6F:CB:A1:B5:82:4A:05:21:72:65: 1F:BE:5B:EA:7A:24:80:4B:22:B2:4E:76:02:BC:68:75: A9:3D:F5:51:6F:9A Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 0E:57:94:BC:F3:AE:A9:3E:33:1B:2C:99:07:B3:F7:90: DF:9B:C2:3D:71:32:25:DD:21:A9:25:AC:61:C5:4E:21 Timestamp : Feb 27 09:41:39.003 2025 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:73:E9:FB:82:40:F3:F8:38:C8:E8:22:8D: E5:8A:4E:72:46:53:CF:66:5B:AB:C4:01:FB:BB:21:2D: 99:27:2C:79:02:21:00:8E:F5:5F:73:EA:2C:06:28:B2: B3:C3:4C:E6:13:F2:5B:63:6F:A3:76:08:20:A0:D4:B7: 50:E3:00:4A:2E:14:26 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 96:97:64:BF:55:58:97:AD:F7:43:87:68:37:08:42:77: E9:F0:3A:D5:F6:A4:F3:36:6E:46:A4:3F:0F:CA:A9:C6 Timestamp : Feb 27 09:41:38.932 2025 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:7C:7B:D3:03:8E:DD:83:C7:C7:8A:94:14: 4C:6F:2C:1C:17:84:67:57:23:75:3F:80:7E:6A:20:46: B0:89:69:19:02:21:00:9D:05:87:86:FE:F9:3D:7E:15: E3:E0:B6:3D:4D:AD:88:1D:5B:CF:56:D5:E8:3E:9C:A4: 57:B7:98:4E:66:AE:24

«

---

Probando desde: eduroamTL nl

PEAP-MSCHAPv2 – tiempo transcurrido: 515 ms.

Conectado a lms.ciemat.es. Prueba FALLIDA: autenticación correcta. Se han encontrado algunos errores de configuración. La lista está a continuación.
	El servidor no soporta las versiones TLS más modernas TLSv1.2 o TLSv1.3. Los sistemas operativos de los clientes modernos pueden rechazar autentificarse contra el servidor.
	Al menos un certificado no contenía ninguna extensión BasicConstraint, lo que hace dificil saber si es un certificado de CA (raíz) o no. Al menos Mac OS X 10.8 (Mountain Lion) no validará este certificado para EAP por este motivo.
	¡El certificado de servidor no pudo verificarse con el CA raíz que configuraste en tu perfil!
	¡El nombre de servidor EAP no coincide con ninguno de los nombres configurados en tu perfil!
	Detalles del certificado de servidor: Asunto: CN=lms.ciemat.es Emisor: CN=HARICA DV TLS RSA,O=Hellenic Academic and Research Institutions CA,C=GR Válido desde: Thursday, 27-Feb-2025 09:31:37 GMT Válido hasta: Friday, 27-Feb-2026 09:31:37 GMT Número de serie: 28834524573490044657982410341023083243 (0x7FFFFFFFFFFFFFFF) Firma digital SHA1: aa290530c2b5aa57ac5dcd84a9621e00a4920dec Public key length 2048 Extensiones authorityKeyIdentifier: 0A:88:AB:BC:8B:F0:F5:4A:EC:61:44:50:40:44:C1:87:66:DE:DE:51 authorityInfoAccess: CA Issuers - URI:http://crt.harica.gr/HARICA-DV-TLS-Sub-R1.cer OCSP - URI:http://ocsp.harica.gr subjectAltName: DNS:lms.ciemat.es, DNS:www.lms.ciemat.es certificatePolicies: Policy: 2.23.140.1.2.1 Policy: 0.4.0.2042.1.6 Policy: 1.3.6.1.4.1.26513.1.1.1.1 extendedKeyUsage: TLS Web Client Authentication, TLS Web Server Authentication crlDistributionPoints: Full Name: URI:http://crl.harica.gr/HARICA-DV-TLS-Sub-R1.crl subjectKeyIdentifier: A4:CE:9E:3A:EF:F7:EC:65:75:D2:6D:DE:9D:4E:39:5B:1A:0B:4E:8D keyUsage: Digital Signature, Key Encipherment ct_precert_scts: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 25:2F:94:C2:2B:29:E9:6E:9F:41:1A:72:07:2B:69:5C: 5B:52:FF:97:A9:0D:25:40:BB:FC:DC:51:EC:4D:EE:0B Timestamp : Feb 27 09:41:39.177 2025 GMT Extensions: none Signature : ecdsa-with-SHA256 30:44:02:20:31:8B:C4:DE:A2:2B:99:71:A8:D2:BE:65: 25:AE:A4:D3:02:E5:E6:7F:FF:47:BA:BD:87:D0:67:E5: B3:ED:92:E2:02:20:6F:CB:A1:B5:82:4A:05:21:72:65: 1F:BE:5B:EA:7A:24:80:4B:22:B2:4E:76:02:BC:68:75: A9:3D:F5:51:6F:9A Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 0E:57:94:BC:F3:AE:A9:3E:33:1B:2C:99:07:B3:F7:90: DF:9B:C2:3D:71:32:25:DD:21:A9:25:AC:61:C5:4E:21 Timestamp : Feb 27 09:41:39.003 2025 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:73:E9:FB:82:40:F3:F8:38:C8:E8:22:8D: E5:8A:4E:72:46:53:CF:66:5B:AB:C4:01:FB:BB:21:2D: 99:27:2C:79:02:21:00:8E:F5:5F:73:EA:2C:06:28:B2: B3:C3:4C:E6:13:F2:5B:63:6F:A3:76:08:20:A0:D4:B7: 50:E3:00:4A:2E:14:26 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 96:97:64:BF:55:58:97:AD:F7:43:87:68:37:08:42:77: E9:F0:3A:D5:F6:A4:F3:36:6E:46:A4:3F:0F:CA:A9:C6 Timestamp : Feb 27 09:41:38.932 2025 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:7C:7B:D3:03:8E:DD:83:C7:C7:8A:94:14: 4C:6F:2C:1C:17:84:67:57:23:75:3F:80:7E:6A:20:46: B0:89:69:19:02:21:00:9D:05:87:86:FE:F9:3D:7E:15: E3:E0:B6:3D:4D:AD:88:1D:5B:CF:56:D5:E8:3E:9C:A4: 57:B7:98:4E:66:AE:24

«

 

To unsubscribe, send this message: mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
Or use the following link: https://lists.geant.org/sympa/sigrequest/cat-users