Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Networking > Linux - Wireless Networking
User Name
Linux - Wireless Networking This forum is for the discussion of wireless networking in Linux.


  Search this Thread
Old 02-12-2006, 02:14 PM   #1
LQ Newbie
Registered: Oct 2005
Location: Tromsų, Norway
Posts: 3

Rep: Reputation: 0
problems with root certificate in xsupplicant for 802.1x authentication

I have Debian 'sarge' installed on my dell 8100 laptop, and i am connecting to my university internet LAN through 802.1x authentication, and using Xsupplicant as client.

The installation of Xsupplicant went fine, and I got the xsupplicant.conf file from the university. The problem is that it never authenticates.

Here is the output to the xsupplicant.log:

Interface initalized!
No configuration information for network "(null)" found. Using default.
Connection established, authenticating...
Failed to initalize path to root certificate!
OpenSSL Error -- error:02001002:system library:fopen:No such file or directory
Couldn't load root certificates!
OpenSSL Error -- error:2006D080:BIO routines:BIO_new_file:no such file
Couldn't create SSL object!
OpenSSL Error -- error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
The SSL handle is invalid in tls_funcs_decode_packet()!"
Here's my xsupplicant.conf

# This is an example configuration file for xsupplicant versions after 0.8b.


network_list = all
default_netname = default

startup_command = <BEGIN_COMMAND>ifconfig eth0 allmulti up<END_COMMAND>
first_auth_command = <BEGIN_COMMAND>dhcpcd -n<END_COMMAND>
reauth_command = <BEGIN_COMMAND>dhcpcd -n<END_COMMAND>

logfile = /var/log/xsupplicant.log

deny_interfaces = lo



type = wired
allow_types = all
identity = <BEGIN_ID>myemail@myuniversity<END_ID>

eap-peap {
root_cert = /etc/1x/cert/demoCA/cacert.pem
root_dir = /etc/1x/cert/demoCA
chunk_size = 1398
random_file = /etc/1x/cert/random
session_resume = yes
allow_types = all # where all = MSCHAPv2, MD5, OTP, GTC, SIM

eap-mschapv2 {
username = <BEGIN_UNAME>myemail@myuniversity<END_UNAME>
password = <BEGIN_PASS>mypassword<END_PASS>
I guess the problem is something in openssl and not in xsupplicant. The path to the root certificate did not exist when I checked it out, so I made it and placed a file called cacert.pem containing some kind of certificate-code that my university supplied me.

I've started to read about openssl, but I am quite new to linux, and it will take me some time to find the relevant information and put it in context. Could anyone put some good words on this problem, or is there a fairly easy solution I can apply directly? (like f.eks. validize the path to the certificate with openssl in advance, or create the file containing the certificate through some commands in openssl, and then let the path point to that directory?)

Thanx for taking the time to read this!



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
What distribution has XSupplicant integrated for 802.1x authorization? switchflux Linux - Distributions 1 01-20-2006 12:42 PM
Initial Association for 802.1X Authentication andrewb758 Linux - Wireless Networking 14 03-04-2005 12:12 AM
802.1x authentication over LAN Ben Novack Linux - Wireless Networking 0 02-10-2004 11:18 PM
Problems to enable 802.11g instead of 802.11b on WMP54g ronannormandie Linux - Wireless Networking 0 01-14-2004 02:59 PM
certificate authentication for ssh cuss Linux - Security 1 12-16-2002 09:48 AM > Forums > Linux Forums > Linux - Networking > Linux - Wireless Networking

All times are GMT -5. The time now is 03:28 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration