Re: Re: NM forgets CA certificate

From: Dan Williams <dcbw redhat com>
To: Matthew Saltzman <mjs clemson edu>
Cc: networkmanager-list gnome org
Subject: Re: Re: NM forgets CA certificate
Date: Thu, 21 Jan 2010 13:28:20 -0800

On Wed, 2010-01-20 at 12:35 -0500, Matthew Saltzman wrote:
> On Tue, 2010-01-19 at 22:12 -0800, Dan Williams wrote: 
> > On Wed, 2010-01-13 at 15:48 -0500, Matthew Saltzman wrote:
> > > I don't recall if I wrote before about this, but I don't think so.  I've
> > > been thinking about it.
> > > 
> > > I have a PEAP connection that requires a separate CA cert from the usual
> > > bundle.  The first time I connect after a reboot, the connection always
> > > times out.  When the configuration dialog pops up, it shows "CA
> > 
> > Any idea why it's timing out?  Does /var/log/messages or wpa_supplicant
> > debugging show anything interesting?
> 
> I assume it times out because there's no cert--I get the same behavior
> if I have a bad cert instead.  NM messages from this morning's failure,
> followed by correcting the cert, followed by success attached.  If
> that's not enough, what steps do I follow to debug wpa_supplicant?

Can you grab your ~/.xsession-errors right after you see this happening?
I'd like to see if the applet spits out anything interesting.

Dan

> > 
> > > certificate: (None)".  Opening the dialog allows me to select the cert
> > 
> > Are all the other settings successfully preserved?
> 
> Yes.
> 
> Also, when I edit the security settings in the connection editor, the
> setting is already cleared, even though I haven't even disconnected.  So
> it looks like it uses it, but never saves it.  It does remember across
> suspend/relocate though.
> 
> > 
> > > file and then the connection is fine (although the Wireless Security
> > > config window shows no cert), even across movements to another network
> > > and back, until the next boot or NM restart.
> > 
> > What version of NM?
> 
>         $ rpm -q NetworkManager wpa_supplicant
>         NetworkManager-0.7.997-2.git20091214.fc12.x86_64
>         wpa_supplicant-0.6.8-8.fc12.x86_64
>         $ uname -r
>         2.6.31.9-174.fc12.x86_64
>         
> > 
> > > Also, it seems that I should be able to use the cert as I got it from
> > > Entrust as a .cer or after conversion to a .der, but neither of those
> > > works for me (although it does work for others).  I had to get someone
> > > to send me a .der that we knew worked, and I use that.
> > 
> > You should be able to use it as a .cer actually; any chance you can
> > reply with the contents of that certificate so I can find out why it's
> > not recognized?  Is it the case that it doesn't even show up in the file
> > chooser?
> 
> Actually, never mind about this part.  It turns out that I had wrong
> instructions for where to get the cert.  It's a standard Entrust end
> user 2048-bit.  There used to be two on the site, and my instructions
> pointed at the wrong one.
> 
> > 
> > Dan
> > 
> > 
>

Follow-Ups:
- Re: Re: NM forgets CA certificate
  - From: Matthew Saltzman

References:
- NM forgets CA certificate
  - From: Matthew Saltzman
- Re: NM forgets CA certificate
  - From: Dan Williams
- Re: Re: NM forgets CA certificate
  - From: Matthew Saltzman

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]