I'm writing a small app that creates 802.1x profiles. I can create profiles and connect, but I'm not sure I'm doing the right thing re certificates for phase1 (I'm not using EAP-MSCHAPv2 and EAP-GTC. I'm not using EAP-TLS):

According to http://projects.gnome.org/NetworkManager/developers/settings-spec-08.html, I must set ca-cert to "file:///path/to/cert.der" with a trailing null byte and I should also set ca-path to a directory that contains the certs for the chain (as DER).

I'm assuming that phase2-ca-cert and phase2-ca-path are used for EAP-TLS and I shouldn't be concerned with them.

If I supply the chain certs do I need to supply the server cert in ca-cert?

If I supply just the ca-cert do I need the chain certs?

Is there anything else I need to know or do to avoid creating a big security hole?
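
An added example, not part of the original post and not NetworkManager's own code: a Python helper that builds and checks a ca-cert value in the form quoted above ("file://", then the path, then one trailing null byte). The function names are hypothetical, and the absolute-path and embedded-NUL checks are assumptions of this example rather than rules taken from the spec.

```python
import os

# Path-scheme prefix for the ca-cert byte array, as quoted in the post.
SCHEME = b"file://"


def encode_ca_cert(path):
    """Build the ca-cert byte value for a certificate file (hypothetical helper)."""
    if not os.path.isabs(path):
        # Assumption of this example: only accept absolute paths, so the
        # profile does not depend on the working directory of its consumer.
        raise ValueError("certificate path must be absolute")
    raw = os.fsencode(path)
    if b"\x00" in raw:
        # An embedded NUL would cut the path short for any C string consumer.
        raise ValueError("path contains a NUL byte")
    return SCHEME + raw + b"\x00"


def decode_ca_cert(value):
    """Return the path stored in a ca-cert value, rejecting malformed values."""
    value = bytes(value)
    if not value.startswith(SCHEME):
        raise ValueError("missing file:// prefix")
    if not value.endswith(b"\x00"):
        raise ValueError("missing trailing null byte")
    body = value[len(SCHEME):-1]
    if b"\x00" in body:
        raise ValueError("embedded NUL byte in path")
    path = os.fsdecode(body)
    if not os.path.isabs(path):
        raise ValueError("path is not absolute")
    return path


if __name__ == "__main__":
    # Constructed sample using the path from the post.
    encoded = encode_ca_cert("/path/to/cert.der")
    print(encoded)
    print(decode_ca_cert(encoded))
```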



