Bug 459027 - Network Manager 0.7.0 TLS and certs
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: NetworkManager
Version: 9
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Dan Williams
QA Contact: Fedora Extras Quality Assurance
Reported: 2008-08-13 16:08 EDT by Traxtopel
Modified: 2008-10-21 08:55 EDT
Doc Type: Bug Fix
Last Closed: 2008-10-20 11:02:18 EDT

Attachments:
wpa_supplicant running on the T61 with F9 (42.59 KB, text/plain), 2008-08-13 16:08 EDT, Traxtopel
wlan0 messages (25.32 KB, application/octet-stream), 2008-08-13 16:09 EDT, Traxtopel
wpa-supplicant log (2.05 MB, application/octet-stream), 2008-08-13 16:09 EDT, Traxtopel

Description Traxtopel 2008-08-13 16:08:34 EDT
Created attachment 314248
wpa_supplicant running on the T61 with F9

Description of problem:

In the past using NetworkManager 0.6.6 I could connect to EAP using digital certs.

I would use the following.
ca_certificate.pem
client_certificate.cer
private_key.pem

I would create these files using
openssl pkcs12 -clcerts -in name.p12 -out "client_certificate.cer"
openssl pkcs12 -cacerts -in name.p12 -out "ca_certificate.pem"
openssl pkcs12 -nocerts -in name.p12 -out "private-key.pem"

This worked fine with NM 0.6.6
For NM 0.7.0 I now need to replace the "client_certificate.cer" file with
openssl pkcs12 -clcerts -in name.p12 -out "user_certificate.pem"

However, irrespective of how I configure NetworkManager, i.e.
Security : Dynamic Wep (802.1x)
or
Security : WPA&WPA2 Enterprise
Authentication TLS
I cannot connect. Using the same files from the command line and manually running
wpa_supplicant against a conf file, I can.

eap-f9-wpa.txt - wpa_supplicant running on the T61 with F9, connecting manually
lan0-messages, wpa_supplicant.log - logs of me trying to connect using NetworkManager

Comment 1 Traxtopel 2008-08-13 16:09:30 EDT
Created attachment 314249
wlan0 messages

Comment 2 Traxtopel 2008-08-13 16:09:52 EDT
Created attachment 314250
wpa-supplicant log

Comment 3 Traxtopel 2008-09-18 10:11:22 EDT
Dan, any update here?

Comment 4 Dan Williams 2008-10-20 11:02:18 EDT
I believe .cer format files are actually DER files just with a different extension.  I've whitelisted the ".cer" extension upstream in the applet (svn r950) and that should make the next batch of F8, F9, and rawhide updates.  Please re-open if the certs aren't recognized by the applet when you try to select them.
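
Added example, not part of the original bug thread or NetworkManager's code: a content-based check of what a certificate file actually holds, since the `.cer` extension is used for both DER and PEM data, and `openssl pkcs12` writes PEM and, unless `-nokeys` is given, puts the private key in the same output file. The function names and sample bytes are constructed for illustration.

```python
import base64
import re

# One PEM block: BEGIN line, body, matching END line. Text around it is ignored.
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def der_sequence_ok(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE (tag 0x30) filling the buffer."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                      # short-form length
        header, length = 2, first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)

def inspect_cert_file(data: bytes) -> dict:
    """Classify a file by content (not extension) and list the PEM blocks in it."""
    labels = [m.group(1).decode() for m in PEM_BLOCK.finditer(data)]
    if labels:
        return {"encoding": "PEM", "labels": labels,
                "has_private_key": any("PRIVATE KEY" in s for s in labels)}
    if der_sequence_ok(data):
        # The outer header alone cannot tell a certificate from a DER-encoded key.
        return {"encoding": "DER", "labels": [], "has_private_key": None}
    return {"encoding": "unknown", "labels": [], "has_private_key": None}

def pem(label: str, der: bytes) -> bytes:
    """Wrap bytes in a PEM block (used only to build the constructed samples)."""
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n".encode()

# Constructed sample data: a dummy 260-byte DER SEQUENCE, not a real certificate.
FAKE_DER = b"\x30\x82\x01\x00" + bytes(256)
BAG = b"Bag Attributes\n    localKeyID: 01 02 03\nsubject=/CN=constructed\n"
# Shape of `openssl pkcs12 -clcerts` output when -nokeys is not given.
CERT_AND_KEY = BAG + pem("CERTIFICATE", FAKE_DER) + BAG + pem("ENCRYPTED PRIVATE KEY", FAKE_DER)

if __name__ == "__main__":
    for name, blob in [("client_certificate.cer", CERT_AND_KEY),
                       ("binary.cer", FAKE_DER),
                       ("truncated.cer", FAKE_DER[:-1])]:
        print(name, inspect_cert_file(blob))
```

A file reported as PEM with `has_private_key: True` should get the same restrictive file permissions as the private key file itself.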

Comment 5 John Walicki 2008-10-20 16:32:36 EDT
Dan - Thanks for the .cer whitelist.

I'm uncertain from your comment if this patch will be included in the RHEL 5.3 version of NetworkManager .7.

IBM would very much like to have NetworkManager TLS certificate support included in RHEL 5.3.

Comment 6 Dan Williams 2008-10-21 08:55:50 EDT
5.3 is pretty much tracking SVN trunk as we wrap up the dev cycle of 0.7, so yes.
