We have an institution that is using the "Go Daddy Class 2 Certification Authority" as the issuer for the certificates in their RADIUS server for the EAP conversation. The raw PEM for this root is here
This root certificate doesn't have a CN/SAN, which is less common, but appears to be enough to trip up the latest geteduroam app. I've also reproduced this on iOS myself.
The app says "Failed to connect - No valid outer EAP type in configuration"
Details of the test environment I reproduced in are below.
The older app applied this pattern which fixed things.
I'm going to ask the institution to add the intermediate to their profile to attempt to work around this as I think this will resolve things...a similar test profile with the intermediate is here and it seems to work, but I can't take it to full completion to be sure as we don't use this root ourselves.
We have an institution that is using the "Go Daddy Class 2 Certification Authority" as the issuer for the certificates in their RADIUS server for the EAP conversation. The raw PEM for this root is here
This root certificate doesn't have a CN/SAN, which is less common, but appears to be enough to trip up the latest geteduroam app. I've also reproduced this on iOS myself.
The app says "Failed to connect - No valid outer EAP type in configuration"
Details of the test environment I reproduced in are below.
iOS: 17.3.1 iPhone 11 geteduroam: Testflight 2.1 (94)
Test Profile : https://cat.eduroam.org/?idp=8196&profile=10643
We have also experienced this before with the older app using the GoDaddy Certificate Chain - G2
The older app applied this pattern which fixed things.
I'm going to ask the institution to add the intermediate to their profile to attempt to work around this as I think this will resolve things...a similar test profile with the intermediate is here and it seems to work, but I can't take it to full completion to be sure as we don't use this root ourselves.