freeRADIUS 3.0.4, NetworkManager 1.0.6-27.el7, and wpa_supplicant v2.0 client side cert issues?
Stefan Winter
stefan.winter at restena.lu
Wed Feb 10 08:14:29 CET 2016
Hi,
> connections to work. I am hoping that someone can tell me if I am wrong or,
> if the issue is NetworkManager.
NetworkManager allows you to configure the filename of the CA; there is
no need to dump the CA cert in a globally used place.
> AS root :
> > cp /home/user/CERTS/radius_ca.pem /etc/pki/ca-trust/source/anchors/
> >update-ca-trust
Why? Many if not all UIs for NetworkManager ask you for the filename of
the CA certificate directly. I'm attaching a screenshot of KDE5's Plasma
NM network editor (in German, sorry). It very explicitly asks for *CA
Certificate* along with a file selection box.
If your UI to NM does not give you that, time to change the UI frontend.
> 7. I REALLY DONT LIKE THE SELF SIGNED / PRIVATE CA GLOBALLY.
>
> Does anyone see any obvious mistakes in what a described above?
Independently of UI, there are scripts that set up NetworkManager via
D-Bus mostly automatically; and they of course store the CA certificate
in a custom place, only referenced by the imported configuration. You
may want to check out e.g. https://802.1x-config.org or if you are
member of the eduroam roaming consortium https://cat.eduroam.org.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160210/266f06f9/attachment.sig>
More information about the Freeradius-Users
mailing list