NetworkManger wireless issues - "Failed to load root certificates"/"unable to get local issuer certificate"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

Hi,
I'm trying to connect my CentOS 6.8 laptop to the wireless net at work, which is secured with WPA2 and AES. I've done this successfully in the past using NetworkManager, but a new safety feature was recently introduced: A CA certificate is required. After this, I've not been able to connect. I have a DER format file, whose path I've entered in 

CA certificate:
in the NetworkManager security page, but apparently, this isn't enough; NetworkManager will try for a while, then pop up the security/login dialog again. I found the following in /var/log/wpa_supplicant.log, which I believe is related to this issue: 

CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13 -> NAK
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
OpenSSL: tls_connection_ca_cert - Failed to load root certificates error:00000000:lib(0):func(0):reason(0) 
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
TLS: Certificate verification failed, error 20 (unable to get local issuer certificate) depth 1 for '/DC=com/DC=.../DC=.../CN=...' CTRL-EVENT-EAP-TLS-CERT-ERROR reason=1 depth=1 subject='/DC=com/DC=.../DC=.../CN=...' err='unable to get local issuer certificate' 
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
OpenSSL: openssl_handshake - SSL_connect error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed 
CTRL-EVENT-EAP-FAILURE EAP authentication failed
Note: I've removed some of the "DC=" info for privacy reasons, but what I'm seeing there, makes me think that the DER file has indeed been read.
Maybe this means I have to provide additional certificate info somewhere, somehow, but what would be the exact nature of the data, and where do I put it? I googled for some of the error messages and found that others have had similar issues, but the feedback given to them left me none the wiser. Actually, wpa_supplicant.conf updates are mentioned in some cases, but they appear to be related to information that I thought would be provided by NetworkManager in this case.
So, does anyone know more about this? What certificate or certificate configuration files should I need in addition to what's specified in the NetworkManager config? What else may be wrong? 

Any help will be appreciated.

- Toralf



_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux