Re: NM 0.7.0 on SLED11

From: Dan Williams <dcbw redhat com>
To: Peter Van Lone <petervl gmail com>
Cc: NetworkManager-list <networkmanager-list gnome org>
Subject: Re: NM 0.7.0 on SLED11
Date: Fri, 04 Dec 2009 12:37:57 -0800

On Thu, 2009-12-03 at 10:35 -0600, Peter Van Lone wrote:
> I am not able to connect to my companies WPA2 enterprise wireless.
> 
> A windows-savvy network friend of mine says he thinks the problem is:
> 
> "the company is not using client-side certificates AFAIK. The problem
> is probably that the certificate is invalid (expired) because our PKI
> at the company is not properly configured. You will need to get SLED
> to trust the invalid certificate presented during connection time. I
> know where this option is in Windows but not in the EAP supplicant."
> 
> I can see in NM the option to use "system CA certificates" -- I wonder
> if I need to add the company CA cert to the system cert store? Is this
> done using NM, in some fashion?

I don't believe that wpa_supplicant has this option, and thus NM doesn't
have this option either.  You could simply not supply a CA certificate
at all (which NM will accept) but this will decrease your overall
security by allowing man-in-the-middle attacks.  Basically, your
network's sysadmin needs to get a new CA certificate.

Dan

References:
- NM 0.7.0 on SLED11
  - From: Peter Van Lone

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]