Re: Network Manager 0.7.0 TLS and certs

From: Dan Williams <dcbw redhat com>
To: Grant Williamson <traxtopel gmail com>
Cc: network manager <networkmanager-list gnome org>
Subject: Re: Network Manager 0.7.0 TLS and certs
Date: Tue, 29 Jul 2008 11:17:17 -0400

On Tue, 2008-07-29 at 10:12 -0400, Grant Williamson wrote:
> In the past using NetworkManager 0.6.6 I could connect to EAP using 
> digital certs.
> 
> I would use the following.
> ca_certificate.pem
> client_certificate.cer
> private_key.pem
> 
> I would create these files using
> openssl pkcs12 -clcerts -in name.p12 -out "client_certificate.cer"
> openssl pkcs12 -cacerts -in name.p12 -out "ca_certificate.pem"
> openssl pkcs12 -nocerts -in name.p12 -out "private-key.pem"
> 
> This worked fine with NM 0.6.6
> For NM 0.7.0 I now need to replace the "client_certificate.cer" file with
> openssl pkcs12 -clcerts -in name.p12 -out "user_certificate.pem"
> 
> However irrespective how I configure  NetworkManager, i.e.
> Security : Dynamic Wep (802.1x)
> or
> Security : WPA&WPA2 Enterprise
> Authentication TLS
> I cannot connect, using the same files from the command line and 
> manually running
> wpa_supplicant against a conf file I can.
> 
> How can I best go about debugging this on NM 0.7.0?

Get some log output from /var/log/messages from NetworkManager during
the connection attempt.

Then add "-dddt" to the end of the Exec= line
in /usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service, then "sudo killall -TERM wpa_supplicant", try to connect again, and send me the output of /var/log/wpa_supplicant.log so I can diagnose.  You'll then want to remove the "-dddt" and again killall the supplicant so you don't start filling up the drive with debug logs :)

Dan

References:
- Network Manager 0.7.0 TLS and certs
  - From: Grant Williamson

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]