[CentOS] NetworkManger wireless issues - "Failed to load root certificates"/"unable to get local issuer certificate"
toralf.lund at pgs.com
Fri Sep 2 17:27:54 UTC 2016
I'm trying to connect my CentOS 6.8 laptop to the wireless net at work,
which is secured with WPA2 and AES. I've done this successfully in the
past using NetworkManager, but a new safety feature was recently
introduced: A CA certificate is required. After this, I've not been able
to connect. I have a DER format file, whose path I've entered in
in the NetworkManager security page, but apparently, this isn't enough;
NetworkManager will try for a while, then pop up the security/login
dialog again. I found the following in /var/log/wpa_supplicant.log,
which I believe is related to this issue:
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13 -> NAK
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
OpenSSL: tls_connection_ca_cert - Failed to load root certificates
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
TLS: Certificate verification failed, error 20 (unable to get local
issuer certificate) depth 1 for '/DC=com/DC=.../DC=.../CN=...'
CTRL-EVENT-EAP-TLS-CERT-ERROR reason=1 depth=1
subject='/DC=com/DC=.../DC=.../CN=...' err='unable to get local issuer
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
OpenSSL: openssl_handshake - SSL_connect error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
CTRL-EVENT-EAP-FAILURE EAP authentication failed
Note: I've removed some of the "DC=" info for privacy reasons, but what
I'm seeing there, makes me think that the DER file has indeed been read.
Maybe this means I have to provide additional certificate info
somewhere, somehow, but what would be the exact nature of the data, and
where do I put it? I googled for some of the error messages and found
that others have had similar issues, but the feedback given to them left
me none the wiser. Actually, wpa_supplicant.conf updates are mentioned
in some cases, but they appear to be related to information that I
thought would be provided by NetworkManager in this case.
So, does anyone know more about this? What certificate or certificate
configuration files should I need in addition to what's specified in the
NetworkManager config? What else may be wrong?
Any help will be appreciated.
More information about the CentOS