Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-16 Thread Jonathan Miller
Upon closer inspection, I believe that my fears were overblown. It seems that what ACTUALLY changed in the certificate was the friendly name, and the root CA is still the same. I only discovered this when I imported the 'new' root CA into our eduroam CAT config and saw that all of the properties

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-13 Thread Jonathan Waldrep
Going back to the original issue: On 2021-08-09 07:32:19-0400, Jonathan Miller wrote: > [...] > The certificates are issued through InCommon, and when I renewed our > expiring certificate, I noticed that it is showing that it has a root > of Sectigo, where it was previously Comodo. The certificate

RE: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-10 Thread Glinsky, Eric
Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root Thank

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-10 Thread Tony Skalski
ppened tomorrow, it could be a decade or more > before there was broad support, and more importantly, we could think about > enforcement. > > > > Jeff > > > > > > *From:* The EDUCAUSE Wireless Issues Community Group Listserv < > WIRELESS-LAN@L

Re: [External] Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-10 Thread Hunter Fuller
SE Wireless Issues Community Group Listserv < >> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Tim Cappalli >> *Sent:* Monday, August 09, 2021 8:05 AM >> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU >> *Subject:* Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with N

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-10 Thread Tim Cappalli
on behalf of Jonathan Miller Date: Tuesday, August 10, 2021 at 10:59 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-10 Thread Elton, Norman N
<mailto:wne...@wm.edu> / 757-221-7790 From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Jonathan Miller Date: Tuesday, August 10, 2021 at 10:59 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root Thank y

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-10 Thread Jonathan Miller
ESS-LAN@LISTSERV.EDUCAUSE.EDU > *Subject:* Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New > Root > > > > CA policies really have nothing to do with implementations of other > protocols. There have been many discussions about this on this list and > others, and a

RE: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Jeffrey D. Sessler
enforcement. Jeff From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Tim Cappalli Sent: Monday, August 09, 2021 8:05 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root CA policies really have nothing to do

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Tim Cappalli
@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root Per the RFC, the certificate-using application _MAY_ require the EAP extended key usage extension to be present. It is not a must or shall, so I’m not exactly sure the problem here. Vendors have chosen against

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Jeffrey D. Sessler
Community Group Listserv on behalf of Doug Wussler <029e57f9967b-dmarc-requ...@listserv.educause.edu> Date: Monday, August 9, 2021 at 7:33 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root Well, here is Microsoft'

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Doug Wussler
SE Wireless Issues Community Group Listserv on behalf of Doug Wussler <029e57f9967b-dmarc-requ...@listserv.educause.edu> Sent: Monday, August 9, 2021 10:30 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root You do

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Tim Cappalli
on behalf of Doug Wussler <029e57f9967b-dmarc-requ...@listserv.educause.edu> Sent: Monday, August 9, 2021 10:30 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Doug Wussler
<0194c9ecac40-dmarc-requ...@listserv.educause.edu> Sent: Monday, August 9, 2021 8:42 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root A public CA issues certificates for web server authentication (amongst others like code signing and

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Tim Cappalli
] eduroam CAT Config/Cert Renewal with New Root I’m curious about this and would like to know more. Many operating systems require the Server Auth (1.3.6.1.5.5.7.3.1) EKU, and MS calls this out as a requirement for EAP. Last I looked, public CAs include this when minting a so-called web server

RE: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Turpin, Max
On Behalf Of Jeffrey D. Sessler Sent: Monday, August 9, 2021 10:25 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [EXTERNAL] Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root I'm curious about this and would like to know more. Many operating systems require the Server Auth

RE: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Price, Jamie G
00194c9ecac40-dmarc-requ...@listserv.educause.edu>> Date: Monday, August 9, 2021 at 8:31 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal wit

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Jeffrey D. Sessler
Issues Community Group Listserv on behalf of Tim Cappalli <0194c9ecac40-dmarc-requ...@listserv.educause.edu> Date: Monday, August 9, 2021 at 5:42 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root A public CA issues certif

RE: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Lee H Badman
to:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root “The validity period is very long.” Now you did it, Thomas. You realize you’re about to get scolded…. ☺ Lee Badman | Network Architect (CWNE#200) Information T

RE: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread McClintic, Thomas
I didn’t say how long  399 days is long in today’s terms From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Lee H Badman Sent: Monday, August 9, 2021 8:53 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

RE: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Lee H Badman
SS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root We use an internal CA signed server certificate without issue for EAP-TLS. We are currently using ClearPass onboard & moving to SecureW2. We previously used InCommon for server CA and are mu

RE: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread McClintic, Thomas
-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root On Aug 9, 2021, at 07:56, Tim Cappalli <0194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote:

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Julian Y Koh
On Aug 9, 2021, at 07:56, Tim Cappalli <0194c9ecac40-dmarc-requ...@listserv.educause.edu> wrote: Let's not go down this rabbit hole again. I thought there was a picture of a rabbit and a hole in the dictionary next to “mailing

RE: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Turpin, Max
Of Tim Cappalli Sent: Monday, August 9, 2021 8:57 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [EXTERNAL] Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root Let's not go down this rabbit hole again. I was directly answering the question. If you choose to use certificates

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Tim Cappalli
From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of James Andrewartha Sent: Monday, August 9, 2021 8:52:03 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root Which is great and I agree

RE: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread James Andrewartha
equ...@listserv.educause.edu> Date: 9/8/21 20:42 (GMT+08:00) To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root A public CA issues certificates for web server authentication (amongst others like code signing and S/MIME). An EAP

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Tim Cappalli
@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root >> Technically, you're not even supposed to use the certificates

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Elton, Norman N
Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root EAP server certs from a PKI you (or a partner like SecureW2) control are the best practice. Technically, you're not even supposed to use the certificates issued from a public CA for EAP as it's a violation of multi

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Tim Cappalli
Issues Community Group Listserv on behalf of Elton, Norman N Sent: Monday, August 9, 2021 8:18:37 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Elton, Norman N
Date: Monday, August 9, 2021 at 8:03 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root You should never use different EAP server certificates across a RADIUS cluster. Use the same cert across all nodes (in this case take th

Re: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Tim Cappalli
Community Group Listserv on behalf of Jonathan Miller Sent: Monday, August 9, 2021 7:32:19 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] eduroam CAT Config/Cert Renewal with New Root

eduroam CAT Config/Cert Renewal with New Root

2021-08-09 Thread Jonathan Miller
We are currently using publicly signed certificates for our eduroam access on a cluster of 2 ClearPass servers. We are in a situation where one of our certs will be expiring in October of this year, while the other is good until June of next year. The certificates are issued through InCommon, and