We have moved to a new Sailfish OS Forum. Please start new discussions there.
4

Wifi EAP CA Certificate [answered]

asked 2014-07-29 11:23:24 +0200

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2014-07-30 11:07:18 +0200

jiit gravatar image

Hi Everyone, I am new to Jolla phone, just got it yesterday and I was trying to connect to a wifi. But I have problems, I have read the link WPA-802.1X (enteprise) +[Others] wifi support needed + workaround but I have found it not helping me with the certificate. I need to connect to a wifi. WIFI security type: WPA/WPA2 Enterprise Enterprise Sub-Type: PEAP CA certificate: GeoTrust Global CA

Please advise. Thanks.

edit retag flag offensive reopen delete

The question has been closed for the following reason "the question is answered, an answer was accepted" by chemist
close date 2014-07-30 21:44:57.269969

Comments

Could you please tell us what u did until now. Did you start to write a configurationfile like in that post you read? Do u have the certificate on your device or is it part of the bundle. I'm really not the biggest expert in this but thats what I know: U need the certificate installed (most times it's enough to open it with the browser - for me it told me that it's already installed - then it is in the bundle) U need to create a configuration file as presented in the other thread Usually it should work then if ur configuration file is correct.

Unfortunately I have also some trouble with this. It worked for me with the old patch and the patched wpa_supplicant but since 1.0.8.19 its not working so maybe I can't help you.

NuklearFart ( 2014-07-29 12:20:24 +0200 )edit

first i was a bit skeptical about enabling devel mode as I hear the warranty would be void and since it's just a couple of days old phone. it may not be wise. but seems like there is no option. right? no i haven't tried anything major yet because of above reasosn. I just read through all the posts and how to get it going. I don't know in depth how ssl certificates and EAP and wifi security works. and all I read was about university ssl certificates and I didn't know if this would work for me too. so until i am pretty sure that it would definitely work for me i.e. the cert and information provided above, I don't want to enable any devel mode for no reason and lose a warranty.

Manzer ( 2014-07-29 12:45:13 +0200 )edit

Well then I think you do not have an other option. As long as you need some certificate you need to do that settings on the wifi you use and the only way I know to do this is creating a config file as written in the other thread which includes dev mode. Maybe at some time there will come a patch which includes wifi settings as on a computer but this is in future. Maybe some other guys know more then me.

NuklearFart ( 2014-07-29 14:46:16 +0200 )edit

I read the main thread again, it says the rpm package wpa_supplicant installation is no longer relevant after update 8 (which I am on) so basically I just have to create a cfg file.

Do you think name of a file matters? or its ownership or permissions? The certificates are they present all in /etc/ssl/certs/ ? or I have to download from somewhere. Sorry for my little understanding on this part. what is Phase2?

vim /var/lib/connman/wifi_counterps.config

[service_conterps] Type=wifi Name=conterps EAP=peap CACertFile=/etc/ssl/certs/? Phase2=? Identity=user@domain Passphrase=yoursecret

Manzer ( 2014-07-29 15:41:45 +0200 )edit

1 Answer

Sort by » oldest newest most voted
1

answered 2014-07-29 22:23:38 +0200

chemist gravatar image

updated 2014-07-29 22:32:59 +0200

Just copy and paste the lines from the how-to and do NOT alter the cert line. I tried to set the right cert there too but it is actually wrong (or it does not work this way) to do so.

Yes name of the file matters wifi_$yours.config Permissions are +r (think daemons cannot read files even if invoked by root if they are -r)

leave alone this line (your root cert is within the bundle)

CACertFile=/etc/ssl/certs/ca-bundle.crt

there is inner- and outer-phase (server connection), Phase2 is inner eg user+password authentication (PAP, MSCHAPV2), outer is the serverconnection itself with or without authentication (PEAP,EAP,etc)

MSCHAPV2 is Microsoft, if your guys run a MS server this should work, most Radius servers support this too.

[service_conterps]
Type=wifi
Name=conterps
EAP=peap
CACertFile=/etc/ssl/certs/ca-bundle.crt
Phase2=MSCHAPV2
Identity=user@domain
Passphrase=yoursecret

if that does not connect try PAP for phase2

edit flag offensive delete publish link more

Comments

Thank you!

Manzer ( 2014-07-30 12:32:46 +0200 )edit

I am sure it is MSCHAPV2 as my laptop connects and the settings match. I have done exactly like this and upon rebooting the wifi keeps trying to connect and disconnect and there is a highlight at the top saying "problem with connection" what other parameters I can check? is there a log file that I can go to check.

Manzer ( 2014-07-30 17:08:04 +0200 )edit

nevermind, it worked.

Manzer ( 2014-07-30 19:01:12 +0200 )edit

Question tools

Follow
1 follower

subscribe to rss feed

Stats

Asked: 2014-07-29 11:23:24 +0200

Seen: 669 times

Last updated: Jul 29 '14

Related questions

WPA-802.1X (aka WPA enterprise) (eg. eduroam) support [duplicate]

[How-To] WPA-802.1X (enterprise), eduroam +[Others] GUI wifi support needed + workaround [released]

howto: copy & paste (wlan settings)

Wlan/WiFi connection can't be established

[Implemented in 1.0.4.20] WiFi tethering [released]

Wifi hotspot [duplicate]

Why saved WLAN networks disappear and re-appear [released]

self-signed SSL certificates should be accepted for Exchange sync [answered]

Hotspot setting (turn on when charging)

WLAN: Not enough time to enter a password for SSID

Copyright © Jolla Ltd. 2013-2019. All rights reserved.
about | faq | help | privacy policy | terms of service | give feedback
Powered by Askbot version 0.7.49