Created attachment 314248 [details]
wpa_supplicant running on the T61 with F9
Description of problem:
In the past using NetworkManager 0.6.6 I could connect to EAP using digital certs.
I would use the following.
I would create these files using
openssl pkcs12 -clcerts -in name.p12 -out "client_certificate.cer"
openssl pkcs12 -cacerts -in name.p12 -out "ca_certificate.pem"
openssl pkcs12 -nocerts -in name.p12 -out "private-key.pem"
This worked fine with NM 0.6.6
For NM 0.7.0 I now need to replace the "client_certificate.cer" file with
openssl pkcs12 -clcerts -in name.p12 -out "user_certificate.pem"
However irrespective how I configure NetworkManager, i.e.
Security : Dynamic Wep (802.1x)
Security : WPA&WPA2 Enterprise
I cannot connect, using the same files from the command line and manually running
wpa_supplicant against a conf file I can.
eap-f9-wpa.txt - wpa_supplicant running on the T61 with F9, connecting manually
lan0-messages wpa_supplicant.log logs of me trying to connect using NetworkManager
Created attachment 314249 [details]
Created attachment 314250 [details]
Dan any update here?
I believe .cer format files are actually DER files just with a different extension. I've whitelisted the ".cer" extension upstream in the applet (svn r950) and that should make the next batch of F8, F9, and rawhide updates. Please re-open if the certs aren't recognized by the applet when you try to select them.
Dan - Thanks for the .cer whitelist.
I'm uncertain from your comment if this patch will be included in the RHEL 5.3 version of NetworkManager .7
IBM would very much like to have NetworkManager TLS certificate support included in RHEL 5.3
5.3 is pretty much tracking SVN trunk as we wrap up the dev cycle of 0.7, so yes.