802.1x证书验证失败

Question

我将802.1x用于PEAP身份验证和MSCHAPv2内部身份验证。并接收“未知CA”错误。我尝试过使用update- CA证书安装根ca，但是没有帮助。

是否有可能获得有关该问题的其他信息，或者干脆忽略证书颁发机构？

Syslog：

wpa_supplicant[1380]: enp0s25: CTRL-EVENT-EAP-STARTED EAP authentication started
wpa_supplicant[1380]: enp0s25: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
wpa_supplicant[1380]: enp0s25: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
wpa_supplicant[1380]: TLS: Certificate verification failed, error 20 (unable to get local issuer certificate) depth 0 for '/C=RU/ST=RU/L=MSK/O=*COMPANY*/OU=ITSEC/CN=*hostname.com*/*email@hostname.com*'
wpa_supplicant[1380]: enp0s25: CTRL-EVENT-EAP-TLS-CERT-ERROR reason=1 depth=0 subject='/C=RU/ST=RU/L=MSK/O=*COMPANY*/OU=ITSEC/CN=*hostname.com*/emailAddress=*email@hostname.com*' err='unable to get local issuer certificate'
wpa_supplicant[1380]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
wpa_supplicant[1380]: OpenSSL: openssl_handshake - SSL_connect error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
wpa_supplicant[1380]: enp0s25: CTRL-EVENT-EAP-FAILURE EAP authentication failed

Answer 1

从这里开始，我遵循了这些步骤，并对上面的错误进行了处理。

请使用nmcli添加密码。

Edit /etc/NetworkManager/system-connections/CONNECTION_NAME:
[connection]
id=CONNECTION_NAME




[802-1x]
password=YOUR_8021X_PASSWORD

重新启动网络

重新启动NetworkManager

您可能需要关闭和提升接口以测试新的更改：

CONNECTION_NAME nmcli con CONNECTION_NAME

所有的感谢是因为这个消息来源：

Ubuntu16.04不支持无CA证书的PEAP身份验证