Ask / Submit
1

EAP-TLS: Private key not configured

asked 2014-02-06 17:58:19 +0200

m4r0v3r gravatar image

updated 2014-02-06 18:33:20 +0200

PyroDevil gravatar image

I cannot seem to connect to my companies wifi via TLS private key, this is the log from WPA_supplicant:

wlan0: Trying to associate with SSID 'Private'
wlan0: Associated with MAC ADDRESS
wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=17 -> NAK
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
EAP-TLS: Private key not configured
wlan0: EAP: Failed to initialize EAP method: vendor 0 method 13 (TLS)
wlan0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
wlan0: Authentication with MAC ADDRESS timed out.
wlan0: CTRL-EVENT-DISCONNECTED bssid=MAC ADDRESS reason=3 locally_generated=1
wlan0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="Private" auth_failures=1 duration=10

and this is my configuration for /var/lib/connman/wifi_private.config:

[service_private]
Type=wifi
Name=Private
EAP=tls
PrivateKeyFile=/home/nemo/.cert/private_wifi.p12
PrivateKeyPassphrase=KEYPASSPHRASE
PrivateKeyPassphraseType=fsid
Identity=name@email.com

Anybody know where I might be going wrong? The certificate file, the p12 file is definitely valid since when I connect through a Ubuntu laptop using that certificate it works perfectly.

edit retag flag offensive close delete

Comments

You seems to have enabled the developer mode, so you could try to use connmanctl as described in the answer to this. Maybe that solves your problem.

And please code tag log log entries

PyroDevil ( 2014-02-06 18:21:16 +0200 )edit

Ah cheers ill give it a go

m4r0v3r ( 2014-02-06 18:31:51 +0200 )edit

When I attempt to connect from your post and paste in the wifi_xxxx related to my network I receive an error Invalid arguments.

m4r0v3r ( 2014-02-07 13:16:29 +0200 )edit

2 Answers

Sort by » oldest newest most voted
2

answered 2014-03-20 19:18:12 +0200

abg1979 gravatar image

I was able to configure this after specifying the CA certificate too in the config. My config looks like the following

[service_SECUREWIFI]
Type = wifi
Name=SECUREWIFI
EAP = tls
CACertFile = /home/nemo/.cert/PrivateCA.pem
ClientCertFile = /home/nemo/.cert/JollaClient.pem
PrivateKeyFile = /home/nemo/.cert/JollaKey.pem
PrivateKeyPassphrase=mypassword
Identity=myuser@mycompany.com

All the cert files I have used are in pem format.

edit flag offensive delete publish link more
1

answered 2014-02-06 19:41:51 +0200

jr gravatar image

You should probably comment out the PrivateKeyPassphraseType=fsid line because it prevents the use of the PrivateKeyPassphrase field.
See http://git.kernel.org/cgit/network/connman/connman.git/tree/doc/config-format.txt for more details about config file format.

edit flag offensive delete publish link more

Comments

I already had a file without the PrivateKeyPassphraseType, I added it recently due to no other options

m4r0v3r ( 2014-02-06 20:57:20 +0200 )edit
Login/Signup to Answer

Question tools

Follow
1 follower

Stats

Asked: 2014-02-06 17:58:19 +0200

Seen: 1,055 times

Last updated: Mar 20 '14