
cat-users - Re: [[cat-users]] TLS-Problems

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

  • From: Tomasz Wolniewicz <twoln AT umk.pl>
  • To: STARK Alexandra <alexandra.stark AT tirol.gv.at>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
  • Subject: Re: [[cat-users]] TLS-Problems
  • Date: Thu, 27 Mar 2025 10:51:54 +0100

Hi,

 

Indeed this is a bit tricky. Things should work fine on Windows, Linux and macOS. In the first two cases the installer will ask the user for the location of the personal certificate file; in the third, macOS itself will ask during the first connection (but the personal certificate needs to be installed in the system first).

iOS will not ask for the certificate, just for username and password which sucks. geteduroam does not have the "asking" functionality as far as I know.


EAP-TLS has been used by the Nicholas Copernicus University in Torun since the very beginning of eduroam, but we had to create some local adjustments. Of course we had to generate personal certificates for our users, but in the process we also generated personal mobileconfig files containing the personal cert and, similarly, eap-config files. Then the user was requested to download the appropriate file. In the Android case, geteduroam had to be installed first and then you would "run" the eap-config profile with geteduroam and it would do all the work. Both the mobileconfig and the eap-config were prepared on the basis of the CAT files and extended by adding the personal cert (secured with a passcode).


The mobile-config files were signed with the University web certificate, so that the system would not consider them unsecure.


In order to be user-friendly we are just redirecting the CAT to a local web page where we have instructions and download links.


Services like the geteduroam user portal or the GEANT Managed IdP (https://hosted.eduroam.org) have their own personal certificates generation engines and create all relevant profiles.

Hope this helps a bit.

Tomasz Wolniewicz



On 27.03.2025 at 10:02, STARK Alexandra (via cat-users Mailing List) wrote:

Hi!


We have the following problem:
We want to use TLS for eduroam.
Without CAT, if the user sets everything up manually (adds the client certificate in the WLAN configuration, etc.), everything works perfectly. Only when the “installation file” is downloaded under Android and iPhone via cat.eduroam.org and an attempt is made to set up eduroam, nothing happens on the iPhone - we don't see anything on the server either. In addition, the “geteduroam” app crashes on Android and iPhone.
But everything works on Linux.

I have tried the "live login test" and get the error message “the request was rejected immediately, without EAP conversation. Either you have misspelt the Username or there is something seriously wrong with your server.”
For testing purposes, I then also activated PEAP-MSCHAPv2, uploaded my client certificate in the live login test and entered a test user etc. for PEAP.
The test for both, TLS and PEAP-MSCHAPv2, then worked.

How can I debug the problem?
Can you help me here?

Kind regards
Alexandra Stark
DVT - Daten-Verarbeitung-Tirol GmbH
Adamgasse 22, 6020 Innsbruck
Tel: +43 512 508 3333
Mobil: +43 676 88508 3333
alexandra.stark AT tirol.gv.at
https://www.dvt.at
-- 
Tomasz Wolniewicz
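
The reply above describes extending a CAT-generated mobileconfig with the user's personal certificate. The following is an added example, not code from the thread, CAT or geteduroam: it assumes Apple's standard profile payload keys (`com.apple.security.pkcs12`, `PayloadCertificateUUID`, `AcceptEAPTypes`), and the function names, identifiers and sample profile are constructed for illustration.

```python
import plistlib
import uuid

WIFI = "com.apple.wifi.managed"
PKCS12 = "com.apple.security.pkcs12"

def add_client_identity(profile_bytes, p12_bytes, passcode=None):
    """Return the profile with a PKCS#12 identity payload bound to its EAP-TLS Wi-Fi payloads."""
    profile = plistlib.loads(profile_bytes)
    wifi = [p for p in profile["PayloadContent"] if p.get("PayloadType") == WIFI]
    if not wifi:
        raise ValueError("no Wi-Fi payload in profile")
    ident_uuid = str(uuid.uuid4()).upper()
    identity = {
        "PayloadType": PKCS12, "PayloadVersion": 1,
        "PayloadIdentifier": profile["PayloadIdentifier"] + ".identity",
        "PayloadUUID": ident_uuid,
        "PayloadDisplayName": "eduroam personal certificate",
        "PayloadContent": p12_bytes,  # serialized as <data> in the plist
    }
    if passcode is not None:
        # Stored in clear text inside the profile; leave unset unless that is acceptable.
        identity["Password"] = passcode
    for p in wifi:
        if 13 not in p.get("EAPClientConfiguration", {}).get("AcceptEAPTypes", []):
            raise ValueError("Wi-Fi payload does not accept EAP-TLS (EAP type 13)")
        p["PayloadCertificateUUID"] = ident_uuid  # identity the supplicant presents
    profile["PayloadContent"].append(identity)
    return plistlib.dumps(profile)

def sample_cat_profile(eap_types=(13,)):
    """Constructed stand-in for a CAT-generated profile (not real CAT output)."""
    return plistlib.dumps({
        "PayloadType": "Configuration", "PayloadVersion": 1,
        "PayloadIdentifier": "org.example.eduroam",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "eduroam",
        "PayloadContent": [{
            "PayloadType": WIFI, "PayloadVersion": 1,
            "PayloadIdentifier": "org.example.eduroam.wifi",
            "PayloadUUID": str(uuid.uuid4()).upper(),
            "SSID_STR": "eduroam", "EncryptionType": "WPA2",
            "EAPClientConfiguration": {"AcceptEAPTypes": list(eap_types),
                                       "TLSTrustedServerNames": ["radius.example.org"]},
        }],
    })

if __name__ == "__main__":
    out = add_client_identity(sample_cat_profile(), b"constructed-placeholder-not-a-real-p12")
    print(out.decode())
```

The output is an unsigned profile; signing it with the institution's certificate, as the reply describes, is a separate CMS signing step performed on the finished file.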
