[CentOS] NetworkManger wireless issues - "Failed to load root certificates"/"unable to get local issuer certificate"

Fri Sep 2 17:27:54 UTC 2016
Toralf Lund <toralf.lund at pgs.com>

Hi,

I'm trying to connect my CentOS 6.8 laptop to the wireless net at work, 
which is secured with WPA2 and AES. I've done this successfully in the 
past using NetworkManager, but a new safety feature was recently 
introduced: A CA certificate is required. After this, I've not been able 
to connect. I have a DER format file, whose path I've entered in

CA certificate:

in the NetworkManager security page, but apparently, this isn't enough; 
NetworkManager will try for a while, then pop up the security/login 
dialog again. I found the following in /var/log/wpa_supplicant.log, 
which I believe is related to this issue:

CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13 -> NAK
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
OpenSSL: tls_connection_ca_cert - Failed to load root certificates 
error:00000000:lib(0):func(0):reason(0)
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
TLS: Certificate verification failed, error 20 (unable to get local 
issuer certificate) depth 1 for '/DC=com/DC=.../DC=.../CN=...'
CTRL-EVENT-EAP-TLS-CERT-ERROR reason=1 depth=1 
subject='/DC=com/DC=.../DC=.../CN=...' err='unable to get local issuer 
certificate'
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
OpenSSL: openssl_handshake - SSL_connect error:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
CTRL-EVENT-EAP-FAILURE EAP authentication failed

Note: I've removed some of the "DC=" info for privacy reasons, but what 
I'm seeing there, makes me think that the DER file has indeed been read.

Maybe this means I have to provide additional certificate info 
somewhere, somehow, but what would be the exact nature of the data, and 
where do I put it? I googled for some of the error messages and found 
that others have had similar issues, but the feedback given to them left 
me none the wiser. Actually, wpa_supplicant.conf updates are mentioned 
in some cases, but they appear to be related to information that I 
thought would be provided by NetworkManager in this case.

So, does anyone know more about this? What certificate or certificate 
configuration files should I need in addition to what's specified in the 
NetworkManager config? What else may be wrong?

Any help will be appreciated.

- Toralf