1

EAP-TLS: Private key not configured

asked 2014-02-06 17:58:19 +0200

m4r0v3r

updated 2014-02-06 18:33:20 +0200

PyroDevil

I cannot seem to connect to my company's wifi via TLS private key; this is the log from WPA_supplicant:

wlan0: Trying to associate with SSID 'Private'
wlan0: Associated with MAC ADDRESS
wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=17 -> NAK
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
EAP-TLS: Private key not configured
wlan0: EAP: Failed to initialize EAP method: vendor 0 method 13 (TLS)
wlan0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
wlan0: Authentication with MAC ADDRESS timed out.
wlan0: CTRL-EVENT-DISCONNECTED bssid=MAC ADDRESS reason=3 locally_generated=1
wlan0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="Private" auth_failures=1 duration=10

and this is my configuration for /var/lib/connman/wifi_private.config:

[service_private]
Type=wifi
Name=Private
EAP=tls
PrivateKeyFile=/home/nemo/.cert/private_wifi.p12
PrivateKeyPassphrase=KEYPASSPHRASE
PrivateKeyPassphraseType=fsid
Identity=name@email.com

Anybody know where I might be going wrong? The certificate file, the p12 file, is definitely valid since when I connect through an Ubuntu laptop using that certificate it works perfectly.


Comments

You seem to have enabled the developer mode, so you could try to use connmanctl as described in the answer to this. Maybe that solves your problem.

And please code tag log entries

PyroDevil ( 2014-02-06 18:21:16 +0200 )edit

Ah cheers, I'll give it a go

m4r0v3r ( 2014-02-06 18:31:51 +0200 )edit

When I attempt to connect from your post and paste in the wifi_xxxx related to my network I receive an error Invalid arguments.

m4r0v3r ( 2014-02-07 13:16:29 +0200 )edit

3 Answers

2

answered 2014-03-20 19:18:12 +0200

abg1979

I was able to configure this after specifying the CA certificate too in the config. My config looks like the following:

[service_SECUREWIFI]
Type = wifi
Name=SECUREWIFI
EAP = tls
CACertFile = /home/nemo/.cert/PrivateCA.pem
ClientCertFile = /home/nemo/.cert/JollaClient.pem
PrivateKeyFile = /home/nemo/.cert/JollaKey.pem
PrivateKeyPassphrase=mypassword
Identity=myuser@mycompany.com

All the cert files I have used are in pem format.

1

answered 2014-02-06 19:41:51 +0200

jr

You should probably comment out the PrivateKeyPassphraseType=fsid line because it prevents the use of the PrivateKeyPassphrase field.
See http://git.kernel.org/cgit/network/connman/connman.git/tree/doc/config-format.txt for more details about config file format.


Comments

I already had a file without the PrivateKeyPassphraseType, I added it recently due to no other options

m4r0v3r ( 2014-02-06 20:57:20 +0200 )edit
1

answered 2019-05-24 17:04:55 +0200

Sparkeyy

I had a similar problem with UPB's eduroam; for me, extracting the private key and client certificate worked.

openssl pkcs12 -in private_wifi.p12 -nocerts -out PrivateKey.pem
openssl pkcs12 -in private_wifi.p12 -clcerts -nokeys -out Client.pem

If the CA is included in the .p12:

openssl pkcs12 -in client.p12 -cacerts -nokeys -out MyCA.pem

With a config as follows:

[service_SECUREWIFI]
Type=wifi
Name=SECUREWIFI
EAP=tls
CACertFile=/home/nemo/.cert/MyCA.pem
ClientCertFile=/home/nemo/.cert/Client.pem
PrivateKeyFile=/home/nemo/.cert/PrivateKey.pem
PrivateKeyPassphrase=ThePemPasswordYouHadToAssign
Identity=myuser@mycompany.
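
A small linter that applies the advice from the three answers above to a ConnMan EAP-TLS service section, added here as an example (it is not code from any poster or from ConnMan). The function name `lint_eap_tls` and the finding labels are assumptions of this example, and the two sample configs are constructed from the ones posted on this page.

```python
import configparser

# Constructed sample: the configuration posted in the question.
QUESTION_CONFIG = """\
[service_private]
Type=wifi
Name=Private
EAP=tls
PrivateKeyFile=/home/nemo/.cert/private_wifi.p12
PrivateKeyPassphrase=KEYPASSPHRASE
PrivateKeyPassphraseType=fsid
Identity=name@email.com
"""

# Constructed sample: the PEM-based layout from the first answer.
ANSWER_CONFIG = """\
[service_SECUREWIFI]
Type = wifi
Name=SECUREWIFI
EAP = tls
CACertFile = /home/nemo/.cert/PrivateCA.pem
ClientCertFile = /home/nemo/.cert/JollaClient.pem
PrivateKeyFile = /home/nemo/.cert/JollaKey.pem
PrivateKeyPassphrase=mypassword
Identity=myuser@mycompany.com
"""

def lint_eap_tls(text):
    """Return (section, finding) pairs for every EAP=tls service section."""
    cp = configparser.ConfigParser(interpolation=None)  # passphrases may contain '%'
    cp.optionxform = str  # keep key case as written in the file
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        s = cp[name]
        if not name.startswith("service_") or s.get("EAP", "").lower() != "tls":
            continue
        key = s.get("PrivateKeyFile", "")
        if not key:
            findings.append((name, "missing-PrivateKeyFile"))
        elif key.lower().endswith((".p12", ".pfx")):  # answers used split PEM files
            findings.append((name, "pkcs12-key-file"))
        for required in ("CACertFile", "ClientCertFile", "Identity"):
            if required not in s:
                findings.append((name, "missing-" + required))
        if s.get("PrivateKeyPassphraseType") == "fsid" and "PrivateKeyPassphrase" in s:
            findings.append((name, "fsid-with-passphrase"))  # per jr's answer
    return findings
```

Treat `missing-CACertFile` as more than a connectivity hint: without a CA file the client has nothing to check the authentication server's certificate against.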