Query on setting ca-path and ca-cert with dbus for 802.1x

From: John Carter <jcarter identitynetworks com>
To: networkmanager-list gnome org
Subject: Query on setting ca-path and ca-cert with dbus for 802.1x
Date: Fri, 9 Mar 2012 15:13:53 +0000

Hi,

I'm writing a small app that creates 802.1x profiles. I can create profiles and connect, but I'm not sure I'm doing the right thing re certificates for phase1 (I'm not using EAP-MSCHAPv2 and EAP-GTC. I'm not using EAP-TLS):

According to http://projects.gnome.org/NetworkManager/developers/settings-spec-08.html I must set ca-cert to "file:///path/to/cert.der" with a trailing null byte and I should also set ca-path to a directory that contains the certs for the chain (as DER).

I'm assuming that phase2-ca-cert and phase2-ca-path are used for EAP-TLS and I shouldn't be concerned with them.

If I supply the chain certs do I need to supply the server cert in ca-cert?

If I supply just the ca-cert do I need the chain certs?

Is there anything else I need to know or do to avoid creating a big security hole?

Thanks,

John.

--
John Carter
Identity Networks
jcarter identitynetworks com

Follow-Ups:
- Re: Query on setting ca-path and ca-cert with dbus for 802.1x
  - From: Dan Williams

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]