Manual selection of p12 for eap-profiles without one that specify TLS. #31

Open
GarethAyres opened this issue Jan 22, 2019 · 6 comments

@GarethAyres
Contributor

Some cat.eduroam.org eap-config profiles are configured for TLS but do not contain a p12.

A feature to enable support for these profiles would require a prompt to get the file location from the user followed by another prompt for any PIN associated with it.

@MatzeJoerling

I am happy to provide you with a Usercert from our CA, if you need one for testing.
Please send me an E-Mail to martin.hierling -at- hs-owl.de

@twoln
Contributor

twoln commented Jan 23, 2019

If one wants to provide one's own certs it seems easy to grab a sample eap-config TLS profile and fit a P12 file into it. This is what we have started to do at my IdP. We use the app and have our own distribution service for per-user profiles.

@MatzeJoerling

Sounds good, can you provide some information on how you integrate the p12 content into the TLS profile?
After opening the profile it looks like an XML one-liner... How do I embed my p12? Where, Tag? p12 file base64 coded?

regards M.

@twoln
Contributor

twoln commented Jan 23, 2019

It helps if you see the xml structure in an organized way. I usually just change the file extension to .xml and then open it in a browser. You need to have a section:

xxxxxxxx

where in place of xxxxxxxx you need base64, one-line encoding of the p12 file. If your current file has the outer identity in the client section, just throw it away.

@MatzeJoerling

A little bit off topic, but do you have a link to an example TLS config file? Google didn't spit out anything useful.

@restena-sw
Contributor

You can download a sample config for EAP-TLS (which doesn't have the actual certificate then) and learn about the few extra XML tags to embed one: our specification is openly available at

https://github.com/GEANT/CAT/blob/master/devices/xml/eap-metadata.xsd

As Tomasz said, when you download the installer, running it through htmltidy or looking at it in an XML browser yields a more readable version.
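
The step twoln describes (base64-encode the p12 on one line, place it in the client section, drop the outer identity), as an added example that is not part of the thread or the project's code. The element and attribute names (`ClientSideCredential`, `ClientCertificate`, `format="PKCS12"`, `OuterIdentity`), the sample profile and both function names are assumptions based on the linked eap-metadata.xsd; check the result against that schema.

```python
import base64
import os
import xml.etree.ElementTree as ET

# Constructed minimal profile (assumed layout); real CAT profiles carry more elements.
SAMPLE_PROFILE = """<EAPIdentityProviderList>
  <EAPIdentityProvider ID="example">
    <AuthenticationMethods><AuthenticationMethod>
      <EAPMethod><Type>13</Type></EAPMethod>
      <ClientSideCredential>
        <OuterIdentity>anonymous@example.org</OuterIdentity>
      </ClientSideCredential>
    </AuthenticationMethod></AuthenticationMethods>
  </EAPIdentityProvider>
</EAPIdentityProviderList>"""


def embed_p12(profile_xml: str, p12_bytes: bytes) -> str:
    """Embed a PKCS#12 blob in every EAP-TLS method; the passphrase is left out."""
    if not p12_bytes or p12_bytes[0] != 0x30:  # rejects PEM or already-base64 input
        raise ValueError("not DER-encoded PKCS#12 (expected ASN.1 SEQUENCE)")
    root = ET.fromstring(profile_xml)
    patched = 0
    for method in root.iter("AuthenticationMethod"):
        if method.findtext("EAPMethod/Type", "").strip() != "13":  # 13 = EAP-TLS
            continue
        cred = method.find("ClientSideCredential")
        if cred is None:
            cred = ET.SubElement(method, "ClientSideCredential")
        for tag in ("OuterIdentity", "ClientCertificate"):  # drop outer identity, stale cert
            for old in cred.findall(tag):
                cred.remove(old)
        cert = ET.SubElement(cred, "ClientCertificate",
                             {"format": "PKCS12", "encoding": "base64"})
        cert.text = base64.b64encode(p12_bytes).decode("ascii")  # single line, no wraps
        patched += 1
    if patched == 0:
        raise ValueError("profile has no EAP-TLS authentication method")
    return ET.tostring(root, encoding="unicode")


def write_private(path: str, text: str) -> None:
    """Create the file owner-readable only: the profile now holds a private key."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(text)
```

`write_private` refuses to overwrite an existing file, so the 0600 mode always applies to the file it creates.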
