The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Paul Wadsworth <address@concealed>]

Hi 

Having updated our server certificate and renewed it via the https://store.sectigo.com/ portal and not the original https://cert-manager.com/ certificate providing portal, we now have 2 errors when uploading the new intermediate certificates to the CAT Portal. 

Testing from: eduroamTL dk

	Connected to eduroam.gateway.ac.uk. elapsed time: 660 ms. Test partially successful: a bidirectional RADIUS conversation with multiple round-trips was carried out, and ended in an Access-Reject as planned. Some properties of the connection attempt were sub-optimal; the list is below.
		The server certificate did not include a CRL Distribution Point, creating compatibility problems with Windows Phone 8.
		The certificate chain as received in EAP was not sufficient to verify the certificate to the root CA in your profile. It was verified using the intermediate CAs in your profile though. You should consider sending the required intermediate CAs inside the EAP conversation.

The new certificate does not contain CRL Distribution Point information and also the CAT Portal is not recognising the certificate below as a Root Certificate (see below).  

C=GB
O=Sectigo Limited
CN=Sectigo Public Server Authentication Root R46
Valid until 2038-01-18 23:59:59 UTC

So we get the above error and laptops downloading the CAT profile cannot connect to Eduroam.

Would you be able to assist with this?

Many thanks

Paul Wadsworth

Server & Systems Engineer

0116 274 4535 (Direct)

0116 274 4500 (Switchboard)

address@concealed

IT Support address@concealed