Subject: An open discussion list for topics related to the geteduroam service
List archive
- From: Martin Pauly <pauly AT hrz.uni-marburg.de>
- To: geteduroam AT lists.geant.org
- Subject: Re: Cert setting not configured by geteduroam on Lineage Phone
- Date: Sat, 27 Feb 2021 23:21:05 +0100
Hi Paul,
Am 25.02.2021 um 21:30 schrieb Paul Dekkers (via geteduroam Mailing List):
I understand your concern; if you have just one intermediate
certificate it is displayed properly. If you have multiple, like with
the TCS service popular in our community, it is not displayed
properly in the settings. Instead, the settings show a red warning
that you still need to pick one: but that's because the UI can't
handle. It's just a limitation of the UI, the certificates are
installed and used. So it's not insecure.
I'm afraid I don't understand everything in this. What point would you have
in putting intermediate certs in a normal eduroam profile anyway?
The standard case is that you give the client a root cert and at least one
server name. This suffices to safely and uniquely authenticate any server
cert signed by the root cert and carrying said name for the whole
lifetime of the CA. All intermediates should be provided by the server.
Our profile is no difference, just one root cert and one server name.
If you're telling me that the picture I see is a purely cosmetic problem,
there is indeed little to worry about. I will try to check next week.
Cheers, Martin
--
Dr. Martin Pauly Phone: +49-6421-28-23527
HRZ Univ. Marburg Fax: +49-6421-28-26994
Hans-Meerwein-Str. E-Mail: pauly AT HRZ.Uni-Marburg.DE
D-35032 Marburg
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
- Re: Cert setting not configured by geteduroam on Lineage Phone, Paul Dekkers, 02/25/2021
- Re: Cert setting not configured by geteduroam on Lineage Phone, Martin Pauly, 02/27/2021
Archive powered by MHonArc 2.6.19.