Hi, I'm writing a small app that creates 802.1x profiles. I can create profiles and connect, but I'm not sure I'm doing the right thing re certificates for phase1 (I'm not using EAP-MSCHAPv2 and EAP-GTC. I'm not using EAP-TLS):
According to http://projects.gnome.org/NetworkManager/developers/settings-spec-08.html I must set ca-cert to "file:///path/to/cert.der" with a trailing null byte and I should also set ca-path to a directory that contains the certs for the chain (as DER). I'm assuming that phase2-ca-cert and phase2-ca-path are used for EAP-TLS and I shouldn't be concerned with them. If I supply the chain certs do I need to supply the server cert in ca-cert? If I supply just the ca-cert do I need the chain certs? Is there anything else I need to know or do to avoid creating a big security hole? Thanks, John. -- John Carter Identity Networks [email protected]
_______________________________________________ networkmanager-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/networkmanager-list
