Skip to Content.

geteduroam - Problem with certificates generated

Subject: An open discussion list for topics related to the geteduroam service

List archive


Problem with certificates generated


Chronological Thread 
    < Chronological >      < Thread >
  • From: Darren Boss <Darren.Boss AT alliancecan.ca>
  • To: "geteduroam AT lists.geant.org" <geteduroam AT lists.geant.org>
  • Subject: Problem with certificates generated
  • Date: Tue, 16 Aug 2022 15:12:09 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=alliancecan.ca; dmarc=pass action=none header.from=alliancecan.ca; dkim=pass header.d=alliancecan.ca; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=AmdBirrn8T2O8sQqo/f++7rA2LoyzuIYyuWsEfykRvQ=; b=duvzBppvWECzA0MAl5dx7RM3Sf5VM7KSjUtKdzD8x2KD4R/xADRJQTQoDLUHjTQDBsR8fs9ZmGxGKRRBW6ovI1Ud3BikuFKsNDyCsMbvaPLftOMqQjv/t9W0PxBt4BgLDFoTPLiI8jqWnxUDLFH0eVcVPWMdxY8DOo9iylNtXPvU4mrUC94rypwdW7EWQse1gXQWfDR5XW/rGqXlXa4C3jj+9nxKRI3wSEnCzqRUeJbjXqQ6REcYv49BvqZnfRCLmt/BzEb8Qce3E4oSRVnSeCT0buWAIHMsbnpPvfG5hXDAWb1DfVkyC8jlFaqeO+EHCTMhBgajTuLL12p4iryyFA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TK+a8rzGkgy1QnIXElEevP+a4lqxfE5xHc7ctTdSdBsz38inntbvPl+MQ/NyV6Xa6xG+/173Msec+W1y0X6CCOnwUa90BnS5dkimeMgICr5AuY78BQkm5LYf6R+5yBh4ChJv8fTSPwHv67pwA6OduCwtvT7JbgYefPnMPWSNz84vx/nOqGdwZW3Rs32wGuxexMYk0CmbNBeWxoEvGNSBfjFes9VA2Ej9G0BOw3dmpG+SOUnUJMG/fYpPqquEby0zQu+TB3FCXMfR8C4TvjnYg8Pm9nrdnsADDoC49W9ZMM0Wfp5OcD+fX4iEZ02aEk8+g4HCrquSWb5O0YjwepUcgQ==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=alliancecan.ca;
  • Msip_labels:
I've been able to setup the portal app without too much trouble but while testing with Android it wasn't working and I started looking closely at the assets downloaded manually from the portal. The PKCS12 button generates a file that when I try inspecting with openssl, shows this error:
Error outputting keys and certificates
401C6D75A67F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()

When using the -legacy flag, I can convert the format and even get my profile working with a Linux laptop and our appropriately configured freeradius server.

The certs in the mobileconfig are using this cipher as well if I copy out the base64 encoded string, decode, and inspect with openssl from the command line.

The vm running the portal app is running Rocky 8.6 and PHP 7.4 from the Rocky repos. Is the error I see in the manual downloads unusual? Any tips for doing further debugging or thoughts about what I'm seeing? I'm thinking of deploying on a Debian based vm just to see if the behavior is different.

Darren Boss (he/him)


Senior Developer | Développeur Senior


 

 

343-341-2323

 
0000-0001-7588-9500

 

 

 

PNG image

PNG image

PNG image


Archive powered by MHonArc 2.6.19.

Top of Page