I’m trying to connect my CentOS 6.8 laptop to the wireless net at work, which is secured with WPA2 and AES. I’ve done this successfully in the past using NetworkManager, but a new safety feature was recently introduced: A CA certificate is required. After this, I’ve not been able to connect. I have a DER format file, whose path I’ve entered in
in the NetworkManager security page, but apparently, this isn’t enough;
NetworkManager will try for a while, then pop up the security/login dialog again. I found the following in /var/log/wpa_supplicant.log, which I believe is related to this issue:
CTRL-EVENT-EAP-STARTED EAP authentication started CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method -> NAK
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method%
OpenSSL: tls_connection_ca_cert – Failed to load root certificates error:00000000:lib(0):func(0):reason(0)
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected TLS: Certificate verification failed, error 20 (unable to get local issuer certificate) depth 1 for ‘/DC=com/DC=…/DC=…/CN=…’
CTRL-EVENT-EAP-TLS-CERT-ERROR reason=1 depth=1
subject=’/DC=com/DC=…/DC=…/CN=…’ err=’unable to get local issuer certificate’
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
OpenSSL: openssl_handshake – SSL_connect error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed CTRL-EVENT-EAP-FAILURE EAP authentication failed
Note: I’ve removed some of the “DC=” info for privacy reasons, but what I’m seeing there, makes me think that the DER file has indeed been read.
Maybe this means I have to provide additional certificate info somewhere, somehow, but what would be the exact nature of the data, and where do I put it? I googled for some of the error messages and found that others have had similar issues, but the feedback given to them left me none the wiser. Actually, wpa_supplicant.conf updates are mentioned in some cases, but they appear to be related to information that I
thought would be provided by NetworkManager in this case.
So, does anyone know more about this? What certificate or certificate configuration files should I need in addition to what’s specified in the NetworkManager config? What else may be wrong?
Any help will be appreciated.