Linux EAP-TLS Authentication

paul (Level 10)

All,

I am trying to get EAP-TLS working on an Ubuntu Linux machine. The system is controlled by Centrify, and Centrify has pushed out a certificate, private key and chain file to the machine. I am attempting to use wpa_supplicant with the following configuration:

(configuration attached as a screenshot, not reproduced here)

When we run the following command:

sudo -i wpa_supplicant -c /etc/wpa_supplicant.conf -D wired -i eno1

we see the following sequence of messages repeated. I am trying to validate that the private key doesn't have a password. I am also going to try with key_mgmt set to WPA-EAP. I can see the request come into ISE, but ISE is recording that the client is rejecting the authentication protocol, which maybe WPA-EAP will fix. Has anyone gotten wpa_supplicant to work correctly?

Successfully initialized wpa_supplicant
eno1: Associated with 01:80:c2:00:00:03
WMM AC: Missing IEs
eno1: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
eno1: CTRL-EVENT-EAP-STARTED EAP authentication started
eno1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
OpenSSL: tls_connection_ca_cert - Failed to load root certificates error:0B084088:x509 certificate routines:X509_load_cert_crl_file:no certificate or crl found
OpenSSL: tls_load_ca_der - Failed load CA in DER format error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
OpenSSL: pending error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error
OpenSSL: pending error: error:0B06F00D:x509 certificate routines:X509_load_cert_file:ASN1 lib
TLS: Failed to set TLS connection parameters
EAP-TLS: Failed to initialize SSL.
eno1: EAP: Failed to initialize EAP method: vendor 0 method 13 (TLS)
eno1: CTRL-EVENT-EAP-FAILURE EAP authentication failed
eno1: CTRL-EVENT-EAP-STARTED EAP authentication started
eno1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
OpenSSL: tls_connection_ca_cert - Failed to load root certificates error:0B084088:x509 certificate routines:X509_load_cert_crl_file:no certificate or crl found
OpenSSL: tls_load_ca_der - Failed load CA in DER format error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
OpenSSL: pending error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error
OpenSSL: pending error: error:0B06F00D:x509 certificate routines:X509_load_cert_file:ASN1 lib
TLS: Failed to set TLS connection parameters
EAP-TLS: Failed to initialize SSL.
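
The two OpenSSL errors in the log come from wpa_supplicant trying ca_cert first as PEM (no CERTIFICATE block found) and then as DER (the first byte is not the SEQUENCE tag a DER certificate starts with), so the file at that path parses as neither encoding. The following is an added example, not the poster's configuration or Centrify's output: a shell check that classifies the three files the supplicant is asked to load the same way, reports whether the private key is passphrase-protected, and emits a wired EAP-TLS network block. The paths, the identity string and the passphrase it takes on the command line are placeholders.

```shell
#!/bin/sh
# Added example, not the poster's configuration. Classifies the files that
# wpa_supplicant must load for EAP-TLS and emits a wired 802.1X network block.
# All paths, the identity string and the passphrase are placeholders.

# Print "pem" if the file contains a PEM CERTIFICATE block, "der" if its first
# byte is the ASN.1 SEQUENCE tag 0x30 that a DER certificate begins with, else
# "unknown". "unknown" is the case that yields the paired OpenSSL errors in the
# log: the PEM loader finds no certificate, then the DER loader sees a wrong tag.
cert_format() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo pem
        return 0
    fi
    case "$(od -An -N1 -tx1 "$1" 2>/dev/null | tr -d ' \n')" in
        30) echo der ;;
        *)  echo unknown ;;
    esac
}

# Exit 0 if a PEM private key is passphrase-protected: either the traditional
# "Proc-Type: 4,ENCRYPTED" header or a PKCS#8 "ENCRYPTED PRIVATE KEY" block.
# Only such a key needs private_key_passwd in the supplicant config.
key_encrypted() {
    grep -q -e 'Proc-Type: 4,ENCRYPTED' -e 'BEGIN ENCRYPTED PRIVATE KEY' "$1" 2>/dev/null
}

# Print a wpa_supplicant.conf for EAP-TLS over a wired port. The wired driver
# uses key_mgmt=IEEE8021X, ap_scan=0 (nothing to scan) and eapol_flags=0 (no
# dynamic WEP keys). private_key_passwd is written only when a passphrase is
# given.
write_conf() {
    ca=$1; crt=$2; key=$3; ident=$4; pw=${5:-}
    printf 'ctrl_interface=/var/run/wpa_supplicant\nap_scan=0\n'
    printf 'network={\n    key_mgmt=IEEE8021X\n    eap=TLS\n'
    printf '    identity="%s"\n    ca_cert="%s"\n' "$ident" "$ca"
    printf '    client_cert="%s"\n    private_key="%s"\n' "$crt" "$key"
    if [ -n "$pw" ]; then
        printf '    private_key_passwd="%s"\n' "$pw"
    fi
    printf '    eapol_flags=0\n}\n'
}

# When openssl is present, show subject, issuer and expiry of a certificate in
# whichever encoding cert_format detected; a quick sanity check that the file
# is the certificate you think it is.
show_cert() {
    fmt=$(cert_format "$1")
    inform=PEM
    if [ "$fmt" = der ]; then inform=DER; fi
    if [ "$fmt" = pem ] || [ "$fmt" = der ]; then
        openssl x509 -in "$1" -inform "$inform" -noout -subject -issuer -enddate
    fi
}

diagnose() {
    ca=$1; crt=$2; key=$3
    for f in "$ca" "$crt"; do
        printf '%s: %s\n' "$f" "$(cert_format "$f")"
        if command -v openssl >/dev/null 2>&1; then show_cert "$f"; fi
    done
    if key_encrypted "$key"; then
        echo "$key: passphrase-protected; private_key_passwd is required"
    else
        echo "$key: not encrypted"
    fi
}

# Usage: sh eaptls_check.sh CA_FILE CLIENT_CERT PRIVATE_KEY IDENTITY [PASSPHRASE]
if [ $# -ge 4 ]; then
    diagnose "$1" "$2" "$3"
    write_conf "$1" "$2" "$3" "$4" "${5:-}"
fi
```

Run it against the three files Centrify dropped on the host; if the CA file comes back "unknown", open it and look at its headers (a PKCS#7 bundle, a key, or a certificate with a non-standard PEM label will all produce that result), and if the key comes back "not encrypted" then private_key_passwd is not what is missing.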

3 Replies

Greg Gibbs (Cisco Employee)

I have successfully setup an Ubuntu machine to use EAP-TLS, but only from the x-windows UI. The UI requires you to specify the password used for the private key, so I suspect this is not optional. The procedure I used to set this up:

  • Used openssl to generate the private key and CSR; specified the optional password
  • Signed the CSR using my Windows ADCS and saved both the DER-formatted identity and Root CA certs to my ubuntu machine
  • Opened the Network tool (I believe provided by the NetworkManager package) and configured the required settings


Hi Greg.

Could you share the process to generate the user certificate and private key on linux?

(configuration attached as a screenshot, not reproduced here)

Here is my configuration, but I think I did something wrong during the process to generate the user certificate and key.

Could you please clarify the steps?

Thanks

I used openssl to create an RSA key and CSR using a similar process to the following document. You need to ensure that you define a passphrase for the private key.

https://www.ssl.com/how-to/manually-generate-a-certificate-signing-request-csr-using-openssl/
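
The procedure described in the two replies above (openssl key with a passphrase, CSR, identity certificate signed by the CA and saved as DER) as an added, runnable example. These are not Greg's exact commands and not the linked ssl.com page: a throw-away self-signed CA stands in for Windows ADCS so the flow runs offline, and the CN, passphrase and working directory are placeholders.

```shell
#!/bin/sh
# Added example, not the commands from the reply or the linked ssl.com page.
# Produces the client material for EAP-TLS: a passphrase-protected RSA key, a
# CSR for the CA, and the signed identity certificate saved as DER. A throw-away
# self-signed CA stands in for Windows ADCS so the flow runs offline. CN,
# passphrase and directory are placeholders.
set -eu

# 2048-bit RSA key encrypted with AES-256 under $3, and a CSR carrying only a
# subject; extensions such as the Client Authentication EKU normally come from
# the CA template, not from the request.
make_key_and_csr() {
    dir=$1; cn=$2; pw=$3
    mkdir -p "$dir"
    openssl genrsa -aes256 -passout "pass:$pw" -out "$dir/client.key" 2048 2>/dev/null
    openssl req -new -key "$dir/client.key" -passin "pass:$pw" \
        -subj "/CN=$cn" -out "$dir/client.csr" 2>/dev/null
}

# Exit 0 only if the key cannot be opened without its passphrase but can be
# opened with $2. That is what the NetworkManager dialog and wpa_supplicant's
# private_key_passwd rely on; a key that opens with an empty passphrase was
# generated without one.
key_is_encrypted() {
    ! openssl pkey -in "$1" -passin pass: -noout 2>/dev/null &&
      openssl pkey -in "$1" -passin "pass:$2" -noout 2>/dev/null
}

# Stand-in for the ADCS step: a self-signed CA signs the CSR and writes the
# identity certificate in DER, the format mentioned in the reply.
sign_with_stub_ca() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$dir/ca.key" \
        -out "$dir/ca.pem" -subj "/CN=Stub Issuing CA" -days 30 2>/dev/null
    openssl x509 -req -in "$dir/client.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 30 -outform DER -out "$dir/client.cer" 2>/dev/null
}

# wpa_supplicant reads DER directly, but PEM is what openssl verify wants and
# what you concatenate into a chain file; convert and check the chain.
verify_identity_cert() {
    dir=$1
    openssl x509 -in "$dir/client.cer" -inform DER -out "$dir/client.pem" 2>/dev/null
    openssl verify -CAfile "$dir/ca.pem" "$dir/client.pem" >/dev/null 2>&1
}

# Usage: sh eaptls_material.sh demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d)
    make_key_and_csr "$d" "ubuntu01.example.com" "changeit"
    key_is_encrypted "$d/client.key" changeit && echo "client.key is passphrase-protected"
    sign_with_stub_ca "$d"
    verify_identity_cert "$d" && echo "client.pem chains to ca.pem"
    echo "files written to $d"
fi
```

With a real ADCS, submit client.csr to the CA instead of calling sign_with_stub_ca, save the issued certificate and the root CA certificate to the Ubuntu host, and point client_cert, private_key, private_key_passwd and ca_cert at those files; the key_is_encrypted check tells you before the first 802.1X attempt whether the passphrase you are about to configure actually matches the key.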