我使用 802.1x 和 PEAP 身份验证以及 MSCHAPv2 内部身份验证。并收到“未知 CA”错误。我尝试使用 update-ca-certificates 安装根 CA,但没有帮助。
是否有可能获得有关该问题的更多信息或者只是忽略证书颁发者?
系统日志:
wpa_supplicant[1380]: enp0s25: CTRL-EVENT-EAP-STARTED EAP authentication started
wpa_supplicant[1380]: enp0s25: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
wpa_supplicant[1380]: enp0s25: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
wpa_supplicant[1380]: TLS: Certificate verification failed, error 20 (unable to get local issuer certificate) depth 0 for '/C=RU/ST=RU/L=MSK/O=*COMPANY*/OU=ITSEC/CN=*hostname.com*/*[email protected]*'
wpa_supplicant[1380]: enp0s25: CTRL-EVENT-EAP-TLS-CERT-ERROR reason=1 depth=0 subject='/C=RU/ST=RU/L=MSK/O=*COMPANY*/OU=ITSEC/CN=*hostname.com*/emailAddress=*[email protected]*' err='unable to get local issuer certificate'
wpa_supplicant[1380]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
wpa_supplicant[1380]: OpenSSL: openssl_handshake - SSL_connect error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
wpa_supplicant[1380]: enp0s25: CTRL-EVENT-EAP-FAILURE EAP authentication failed
答案1
我按照这里的步骤操作,并且解决了上述错误。
请使用 nmcli 添加密码。
Edit /etc/NetworkManager/system-connections/CONNECTION_NAME:
[connection]
id=CONNECTION_NAME
[802-1x]
password=YOUR_8021X_PASSWORD
重启网络
systemctl 重启 NetworkManager
您可能需要关闭并打开界面来测试新的更改:
nmcli con down CONNECTION_NAME nmcli con up CONNECTION_NAME
非常感谢这个来源: