I am attempting to connect to my university's network which uses:
128-bit rotating dynamic WEP keys and EAP-TTLS/PAP and server-only certificates.
I am using wpa_supplicant.
The university provides two certificates which I understand are chosen randomly.
I have seen talk here about the ca_cert2="/blah" setting. Am I correct that it is only for setting the certificate for the phase2 (i.e. PAP) level?
How do I designate two certificates otherwise?
Konqueror and KCertPart indicate the two certificates provided by the U are DER, PEM, or Netscape encoded X.509 type. They have .cer extensions. I tried concatenating them into one using the openssl 'cat' command and designating both.pem as the output, but here is what I get from wpa_supplicant with ca_cert="/etc/cert/both.pem" and -d set:
Code:
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
OpenSSL: tls_connection_ca_cert - Failed to load root certificates error:00000000:lib(0):func(0):reason(0)
OpenSSL: tls_load_ca_der - Failed load CA in DER format error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table
OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
CTRL-EVENT-CONNECTED - Connection to 00:14:f2:da:1f:d0 completed (reauth) [id=0 id_str=]
While it does authenticate, I am unsure why there is a failed-to-load error. Is this not a problem? Or, is it allowing me to authenticate because I've also imported the certificates to my system using Kleopatra? (Note: cert already in hash table.) Or, is it really reading them and I just don't see it because I only set -d and not -dd?
I would like to know if there is a way to call either/both certificates, perhaps
ca_cert="/etc/cert/cert1.cer, /etc/cert/cert2.cer"
Also, what is the ca_path="/etc/cert/" command used for?
Sorry for a lot of questions, but I have searched for days for some documentation on multiple certificates and have come up empty-handed...
lindope
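An added example, not part of the original post and not wpa_supplicant code: wpa_supplicant's ca_cert accepts one PEM file holding more than one CA certificate, so this Python helper turns .cer files of either encoding (PEM, DER, or DER files joined with cat) into a single PEM bundle and drops byte-identical duplicates, which OpenSSL's X509_STORE_add_cert reports as "cert already in hash table". The function names and the FAKE_A/FAKE_B inputs are constructed for illustration.

```python
import base64
import hashlib
import re
import ssl

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed DER-shaped placeholders (NOT real certificates): SEQUENCE tag + length + filler.
FAKE_A = b"\x30\x03abc"                  # short-form length
FAKE_B = b"\x30\x81\x80" + b"B" * 128    # long-form length


def split_der(blob: bytes) -> list[bytes]:
    """Split back-to-back DER objects, as produced by `cat a.cer b.cer` on DER files."""
    certs, i = [], 0
    while i < len(blob):
        if blob[i] != 0x30 or i + 2 > len(blob):
            raise ValueError(f"offset {i}: not a DER SEQUENCE")
        first = blob[i + 1]
        if first < 0x80:                          # short form: the byte is the length
            header, length = 2, first
        else:                                     # long form: next n bytes hold the length
            n = first & 0x7F
            if n == 0 or i + 2 + n > len(blob):
                raise ValueError(f"offset {i}: bad DER length")
            header, length = 2 + n, int.from_bytes(blob[i + 2:i + 2 + n], "big")
        end = i + header + length
        if end > len(blob):
            raise ValueError(f"offset {i}: truncated DER object")
        certs.append(blob[i:end])
        i = end
    return certs


def to_der(blob: bytes) -> list[bytes]:
    """Return every certificate in one file's bytes as DER, whatever its encoding."""
    pem = PEM_BLOCK.findall(blob)
    if pem:
        return [base64.b64decode(b"".join(m.split())) for m in pem]
    return split_der(blob)


def build_bundle(files: list[bytes]) -> tuple[str, list[str]]:
    """Merge files into one PEM bundle; also return the SHA-256 fingerprints kept."""
    seen, pem_out = [], []
    for der in (d for blob in files for d in to_der(blob)):
        fp = hashlib.sha256(der).hexdigest()
        if fp not in seen:                        # skip certificates already in the bundle
            seen.append(fp)
            pem_out.append(ssl.DER_cert_to_PEM_cert(der))
    return "".join(pem_out), seen
```

With real files, pass each file's bytes to build_bundle and write the returned string to the path named in ca_cert; the fingerprints can be compared against the values the university publishes.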