http://bugzilla.novell.com/show_bug.cgi?id=546716 Summary: "Use System CA Certs" option not working for WPA-Enterprise networks Classification: openSUSE Product: openSUSE 11.2 Version: Milestone 8 Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Mobile Devices AssignedTo: mobile-bugs@forge.provo.novell.com ReportedBy: nice@titanic.nyme.hu QAContact: qa@suse.de Found By: --- Created an attachment (id=322380) --> (http://bugzilla.novell.com/attachment.cgi?id=322380) My root CA cert User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; hu-HU; rv:1.9.1.3) Gecko/20090909 SUSE/3.5.3-2.1 Firefox/3.5.3 I'm using openSUSE 11.2 with knetorkmanager to connect to WPA-Enterprise network. Knetworkmanager is getting more and more usable, despite some issues: https://bugs.kde.org/show_bug.cgi?id=209673 https://bugs.kde.org/show_bug.cgi?id=209675 https://bugs.kde.org/show_bug.cgi?id=210342 (and others don't affecting WiFi) However, I noticed, that when I choose the "Use System CA Certs" option, and copy the root CA cert in PEM form into the /etc/ssl/certs directory (because of this /var/log/NetworkManager log file piece: "Config: added 'ca_path' value '/etc/ssl/certs'"), wpa_supplicant won't be willing to validate the radius server's certificate. Wpa_supplicant say the following: CTRL-EVENT-EAP-STARTED EAP authentication started CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected TLS: Certificate verification failed, error 19 (self signed certificate in certificate chain) depth 1 for '/C=HU/ST=Gyor-Moson-Sopron/L=Sopron/O=The University of West Hungary/OU=Information Systems Services Department/CN=UWH Certificate Assertion 2006-2010/emailAddress=admin@nyme.hu' SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA OpenSSL: tls_connection_handshake - SSL_connect error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed CTRL-EVENT-EAP-FAILURE EAP authentication failed I consider this a problem, because Gnome's nm-applet works with the very same root CA cert when I specify the .pem file exactly. Isn't it enough to copy the pem file into the directory /etc/ssl/certs ? Reproducible: Always -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.