[TriLUG] Wireless setup problem

Paul Boyle pboyle at uwo.ca
Tue Aug 5 08:14:02 EDT 2014 

Hi,

I am staying at dorm for a conference where the WiFi setup is using PEAP authentication and requires a certificate. My distro (OpenSuSE 13.1) has included the appropriate certificate. However, the authentication fails. In looking through the wpa_supplicant log, the reason for the failure (AFAIK) is that the certificate is self signed.

Below is an excerpt from the wpa_supplicant log:

#start log excerpt
Successfully initialized wpa_supplicant
Successfully initialized wpa_supplicant
wlan1: SME: Trying to authenticate with 00:0b:86:4a:df:e1 (SSID='wpa.rez.mcgill.ca' freq=2437 MHz)
wlan1: Trying to associate with 00:0b:86:4a:df:e1 (SSID='wpa.rez.mcgill.ca' freq=2437 MHz)
wlan1: Associated with 00:0b:86:4a:df:e1
wlan1: CTRL-EVENT-EAP-STARTED EAP authentication started
wlan1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
wlan1: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
TLS: Certificate verification failed, error 19 (self signed certificate in certificate chain) depth 3 for '/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server at thawte.com'
wlan1: CTRL-EVENT-EAP-TLS-CERT-ERROR reason=1 depth=3 subject='/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server at thawte.com' err='self signed certificate in certificate chain'
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
OpenSSL: openssl_handshake - SSL_connect error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
wlan1: CTRL-EVENT-EAP-FAILURE EAP authentication failed
wlan1: Authentication with 00:0b:86:4a:df:e1 timed out.
wlan1: CTRL-EVENT-DISCONNECTED bssid=00:0b:86:4a:df:e1 reason=3 locally_generated=1
wlan1: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="wpa.rez.mcgill.ca" auth_failures=1 duration=10

#end log excerpt

Can someone tell me if there is a way to add something to the wpa_supplicant.conf file which will allow the use of self signed certificates? I've been going through the documentation, but I haven't found anything.

Thanks for any help or suggestions.


--
Paul D. Boyle, Ph. D.
Manager, X-ray Facility
Department of Chemistry
Western University
London, ON N6A 5B7
Canada

More information about the TriLUG mailing list