Re: Re: NM forgets CA certificate

On Tue, 2010-01-19 at 22:12 -0800, Dan Williams wrote: 
> On Wed, 2010-01-13 at 15:48 -0500, Matthew Saltzman wrote:
> > I don't recall if I wrote before about this, but I don't think so.  I've
> > been thinking about it.
> > 
> > I have a PEAP connection that requires a separate CA cert from the usual
> > bundle.  The first time I connect after a reboot, the connection always
> > times out.  When the configuration dialog pops up, it shows "CA
> Any idea why it's timing out?  Does /var/log/messages or wpa_supplicant
> debugging show anything interesting?

I assume it times out because there's no cert--I get the same behavior
if I have a bad cert instead.  NM messages from this morning's failure,
followed by correcting the cert, followed by success attached.  If
that's not enough, what steps do I follow to debug wpa_supplicant?

> > certificate: (None)".  Opening the dialog allows me to select the cert
> Are all the other settings successfully preserved?


Also, when I edit the security settings in the connection editor, the
setting is already cleared, even though I haven't even disconnected.  So
it looks like it uses it, but never saves it.  It does remember across
suspend/relocate though.

> > file and then the connection is fine (although the Wireless Security
> > config window shows no cert), even across movements to another network
> > and back, until the next boot or NM restart.
> What version of NM?

        $ rpm -q NetworkManager wpa_supplicant
        $ uname -r
> > Also, it seems that I should be able to use the cert as I got it from
> > Entrust as a .cer or after conversion to a .der, but neither of those
> > works for me (although it does work for others).  I had to get someone
> > to send me a .der that we knew worked, and I use that.
> You should be able to use it as a .cer actually; any chance you can
> reply with the contents of that certificate so I can find out why it's
> not recognized?  Is it the case that it doesn't even show up in the file
> chooser?

Actually, never mind about this part.  It turns out that I had wrong
instructions for where to get the cert.  It's a standard Entrust end
user 2048-bit.  There used to be two on the site, and my instructions
pointed at the wrong one.

> Dan

                Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]