Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-16 Thread Jonathan Miller
Upon closer inspection, I believe that my fears were overblown. It seems that what ACTUALLY changed in the certificate was the friendly name, and the root CA is still the same. I only discovered this when I imported the 'new' root CA into our eduroam CAT config and saw that all of the properties

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-13 Thread Jonathan Waldrep
Going back to the original issue: On 2021-08-09 07:32:19-0400, Jonathan Miller wrote: > [...] > The certificate are issued through InCommon, and when I renewed our > expiring certificate, I noticed that it is showing that is has a root > of Sectigo, where it was previously Comodo. The certificate

RE: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-10 Thread Glinsky, Eric
UCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root You don't often get email from jmill...@fandm.edu<mailto:jmill...@fandm.edu>. Learn why this is important<http://ak

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-10 Thread Tony Skalski
now is rather low. As to > future RFCs, even if that happened tomorrow, it could be a decade or more > before there was broad support, and more importantly, we could think about > enforcement. > > > > Jeff > > > > > > *From:* The EDUCAUSE Wireless Issues Commun

Re: [External] Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-10 Thread Hunter Fuller
DUCAUSE Wireless Issues Community Group Listserv < >> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Tim Cappalli >> *Sent:* Monday, August 09, 2021 8:05 AM >> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU >> *Subject:* Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal w

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-10 Thread Tim Cappalli
p Listserv on behalf of Jonathan Miller Date: Tuesday, August 10, 2021 at 10:59 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root You don't often get email from jmill...@fandm.edu. Learn why this is imp

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-10 Thread Elton, Norman N
.edu<mailto:wne...@wm.edu> / 757-221-7790 From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Jonathan Miller Date: Tuesday, August 10, 2021 at 10:59 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-10 Thread Jonathan Miller
> > tim > -- > > *From:* The EDUCAUSE Wireless Issues Community Group Listserv < > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Jeffrey D. Sessler < > j...@scrippscollege.edu> > *Sent:* Monday, August 9, 2021 10:53 > *To:* WIRELESS-LAN

RE: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Jeffrey D. Sessler
about enforcement. Jeff From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Tim Cappalli Sent: Monday, August 09, 2021 8:05 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root CA policies really have nothing

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Tim Cappalli
RELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root Per the RFC, the certificate-using application _MAY_ require the EAP extended key usage extension to be present. It is not a must or shall, so I’m not exactly sure the problem here. Vendors have chos

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Jeffrey D. Sessler
Community Group Listserv on behalf of Doug Wussler <029e57f9967b-dmarc-requ...@listserv.educause.edu> Date: Monday, August 9, 2021 at 7:33 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root Well, here is Microsoft's

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Doug Wussler
rom: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Doug Wussler <029e57f9967b-dmarc-requ...@listserv.educause.edu> Sent: Monday, August 9, 2021 10:30 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with N

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Tim Cappalli
p Listserv on behalf of Doug Wussler <029e57f9967b-dmarc-requ...@listserv.educause.edu> Sent: Monday, August 9, 2021 10:30 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root You don't often get email from 02

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Doug Wussler
palli <0194c9ecac40-dmarc-requ...@listserv.educause.edu> Sent: Monday, August 9, 2021 8:42 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root A public CA issues certificates for web server authentication (amongst others like code signing

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Tim Cappalli
t 9, 2021 8:36:08 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root You don't often get email from wne...@wm.edu. Learn why this is important<http://aka.ms/LearnAboutSenderIdentification> >> Technically, you

RE: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Turpin, Max
tserv On Behalf Of Jeffrey D. Sessler Sent: Monday, August 9, 2021 10:25 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [EXTERNAL] Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root I'm curious about this and would like to know more. Many operating systems require the S

RE: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Price, Jamie G
u<mailto:0194c9ecac40-dmarc-requ...@listserv.educause.edu>> Date: Monday, August 9, 2021 at 8:31 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Subject: Re: [WIRELESS-LAN] eduroam CAT Config/C

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Jeffrey D. Sessler
Issues Community Group Listserv on behalf of Tim Cappalli <0194c9ecac40-dmarc-requ...@listserv.educause.edu> Date: Monday, August 9, 2021 at 5:42 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root A public CA issues certificat

RE: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Lee H Badman
to:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root EXTERNAL EMAIL “The validity period is very long.” Now you did it, Thomas. You realize you’re about to get scolded…. ☺ Lee Badman | Network Architect (CWNE#200) Info

RE: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread McClintic, Thomas
I didn’t say how long 😊 399 days is long in today’s terms From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Lee H Badman Sent: Monday, August 9, 2021 8:53 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

RE: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Lee H Badman
SS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root We use an internal CA signed server certificate without issue for EAP-TLS. We are currently using Clearpass onboard & moving to SecureW2. We previously used Incommon for server CA and are mu

RE: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread McClintic, Thomas
-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root EXTERNAL EMAIL On Aug 9, 2021, at 07:56, Tim Cappalli <0194c9ecac40-dmarc-requ...@listserv.educause.edu<mailto:0194c9ecac40-dmarc-requ...@listserv.educause.edu>> wrote:

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Julian Y Koh
On Aug 9, 2021, at 07:56, Tim Cappalli <0194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote: Lets not go down this rabbit hole again. I thought there was a picture of a rabbit and a hole in the dictionary next to “mailing

RE: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Turpin, Max
ehalf Of Tim Cappalli Sent: Monday, August 9, 2021 8:57 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [EXTERNAL] Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root Lets not go down this rabbit hole again. I was directly answering the question. If you choose to use certificates

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Tim Cappalli
From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of James Andrewartha Sent: Monday, August 9, 2021 8:52:03 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root Which is great and I agree with

RE: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread James Andrewartha
equ...@listserv.educause.edu> Date: 9/8/21 20:42 (GMT+08:00) To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root A public CA issues certificates for web server authentication (amongst others like code signing and S/MIME). An EAP server

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Tim Cappalli
@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root You don't often get email from wne...@wm.edu. Learn why this is important<http://aka.ms/LearnAboutSenderIdentification> >> Technically, you're not even supposed to use the cert

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Elton, Norman N
a violation of multiple policies. Tim From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Elton, Norman N Sent: Monday, August 9, 2021 8:18:37 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Ro

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Tim Cappalli
E Wireless Issues Community Group Listserv on behalf of Elton, Norman N Sent: Monday, August 9, 2021 8:18:37 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root You don't often get email from wne...@wm.edu. Learn why this is

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Elton, Norman N
gt; Date: Monday, August 9, 2021 at 8:03 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root You should never use different EAP server certificates across a RADIUS cluster. Use the same cert across all nodes (in this case take the oth

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Tim Cappalli
You should never use different EAP server certificates across a RADIUS cluster. Use the same cert across all nodes (in this case take the other cert with the longest expiry and upload it to all the nodes in the CPPM cluster) From: The EDUCAUSE Wireless Issues Co