Re: Re: NM forgets CA certificate

From: "Matthew Saltzman" <mjs clemson edu>
To: <dcbw redhat com>
Cc: networkmanager-list gnome org
Subject: Re: Re: NM forgets CA certificate
Date: Wed, 20 Jan 2010 12:35:14 -0500

On Tue, 2010-01-19 at 22:12 -0800, Dan Williams wrote: 
> On Wed, 2010-01-13 at 15:48 -0500, Matthew Saltzman wrote:
> > I don't recall if I wrote before about this, but I don't think so.  I've
> > been thinking about it.
> > 
> > I have a PEAP connection that requires a separate CA cert from the usual
> > bundle.  The first time I connect after a reboot, the connection always
> > times out.  When the configuration dialog pops up, it shows "CA
> 
> Any idea why it's timing out?  Does /var/log/messages or wpa_supplicant
> debugging show anything interesting?

I assume it times out because there's no cert--I get the same behavior
if I have a bad cert instead.  NM messages from this morning's failure,
followed by correcting the cert, followed by success attached.  If
that's not enough, what steps do I follow to debug wpa_supplicant?

> 
> > certificate: (None)".  Opening the dialog allows me to select the cert
> 
> Are all the other settings successfully preserved?

Yes.

Also, when I edit the security settings in the connection editor, the
setting is already cleared, even though I haven't even disconnected.  So
it looks like it uses it, but never saves it.  It does remember across
suspend/relocate though.

> 
> > file and then the connection is fine (although the Wireless Security
> > config window shows no cert), even across movements to another network
> > and back, until the next boot or NM restart.
> 
> What version of NM?

        $ rpm -q NetworkManager wpa_supplicant
        NetworkManager-0.7.997-2.git20091214.fc12.x86_64
        wpa_supplicant-0.6.8-8.fc12.x86_64
        $ uname -r
        2.6.31.9-174.fc12.x86_64
        
> 
> > Also, it seems that I should be able to use the cert as I got it from
> > Entrust as a .cer or after conversion to a .der, but neither of those
> > works for me (although it does work for others).  I had to get someone
> > to send me a .der that we knew worked, and I use that.
> 
> You should be able to use it as a .cer actually; any chance you can
> reply with the contents of that certificate so I can find out why it's
> not recognized?  Is it the case that it doesn't even show up in the file
> chooser?

Actually, never mind about this part.  It turns out that I had wrong
instructions for where to get the cert.  It's a standard Entrust end
user 2048-bit.  There used to be two on the site, and my instructions
pointed at the wrong one.

> 
> Dan
> 
> 

-- 
                Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs

<<winmail.dat>>

Follow-Ups:
- Re: Re: NM forgets CA certificate
  - From: Dan Williams

References:
- NM forgets CA certificate
  - From: Matthew Saltzman
- Re: NM forgets CA certificate
  - From: Dan Williams

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]