Closed martijnkruiten closed 1 month ago
I'm using the exact same versions and profile, and it works for me.
Is your phone managed by internal services? (Looking for differences.)
No, this is a private phone. I've just downloaded the profile directly from cat.eduroam.org and that works without any issues.
Looking at the code I see only one place where this error is thrown and that can happen if either createNetworkConfigurations: setTrustedServerCertificates: returned false
or createNetworkConfigurations: No server names and no custom CAs set; there is no way to verify this network
. Of these the first one seems more likely, as the second one seems more likely to affect all users the same way.
So it seems the most likely scenario is that your phone for some reason doesn't trust the certificates, or is set up in a way that it doesn't have permission to do so.
If you are up for it, you can get some logging out of your phone that would help with understanding what's going on.
Check that Action > Include Info Messages and Action > Include Debug Messages are enabled.
In that case, this might be the difference:
On the unmanaged iPhone it doesn't make a difference whether I trust these root certificates, but on the managed iPhone I guess it includes a critical SURF provides root certificate.
@martijnkruiten Does it work for you now on your managed iPhone? Could you change the trust setting, or did your admin change that? (It looks disabled in the screenshot.)
It doesn't work on my private iPhone, but it does work on my managed iPhone. I’ve used the same EAP file on both phones for this test. On the managed iPhone the root certificates are accepted and this setting can't be changed. Judging from the label of the setting, it appears as if SURF also pushes some of their own certificates to their managed iPhones. On my private iPhone it doesn't make a difference whether or not I accept the root certificates that are included by default by Apple: it doesn't work either way.
Instructions for testing "No valid outer EAP type in configuration" workaround
Note: the flags are reset when the app is relaunched
It works with the "Ignore Server Certificate Import Failure" option enabled, though I'm not in range of an eduroam network to test the connection right now. The other option is not needed.
I'm using version 2.2 on iOS 17.5.1. When I try to install the SURF profile, it shows me this error:
Somehow one of my colleagues was able to obtain and install the same profile after an initial failed attempt (with another error that I can't recall), but for me it fails consistently.