# Wireless LAN SSL certificate troubles (?)

## Silenzium

Hey,

I've troubles connecting to the wireless network of my university. It's not a problem to connect to wireless networks in general, as it works at home for instance. But I can't connect to this network with WPA/TKIP (802.1x EAP/TTLS Radius PAP auth).  I think it's some kind of problem related to SSL/TLS certificates, but I don't know how to solve this problem. Here's the relevant output of "wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -i eth1 -D wext -d":

```
EAP: EAP entering state SEND_RESPONSE

EAP: EAP entering state IDLE

EAPOL: SUPP_BE entering state RESPONSE

EAPOL: txSuppRsp

TX EAPOL: dst=xx.xx....

EAPOL: SUPP_BE entering state RECEIVE

RX EAPOL from xx.xx....

EAPOL: Received EAP-Packet frame

EAPOL: SUPP_BE entering state REQUEST

EAPOL: getSuppRsp

EAP: EAP entering state RECEIVED

EAP: Received EAP-Request id=8 method=21 vendor=0 vendorMethod=0

EAP: EAP entering state METHOD

SSL: Received packet(len=256) - Flags 0x80

SSL: TLS Message Length: 5316

SSL: (where=0x1001 ret=0x1)

SSL: SSL_connect:SSLv3 read server hello A

TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=3 buf='...'

TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=2 buf='...'

TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=1 buf='...'

TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=0 buf='...'

SSL: (where=0x1001 ret=0x1)

SSL: SSL_connect:SSLv3 read server certificate A

SSL: (where=0x4008 ret=0x233)

SSL: SSL3 alert: write (local SSL3 detected an error):fatal:decrypt error

SSL: (where=0x1002 ret=0xffffffff)

SSL: SSL_connect:error in SSLv3 read server key exchange B

OpenSSL: tls_connection_handshake - SSL_connect error:04077068:rsa routines:RSA_verify:bad signature

OpenSSL: pending error: error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad signature

SSL: 7 bytes pending from ssl_out

SSL: Failed - tls_out available to report error

SSL: 7 bytes left to be sent out (of total 7 bytes)

EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL

```

btw: VPN also does not work because of errors in the certificate chain.

My /etc/wpa_supplicant/wpa_supplicant.conf

```
ctrl_interface=/var/run/wpa_supplicant

ctrl_interface_group=10

eapol_version=2

update_config=1

network={

        ssid="eduroam"

        key_mgmt=WPA-EAP

        proto=RSN

        pairwise=CCMP

        group=TKIP

        eap=TTLS

        identity="xxxx@xxxx.xx"

        password="*********"

        ca_cert="/etc/wpa_supplicant/Cert.pem"

        phase2="auth=PAP"

        priority=2

}

```

Any ideas?

----------

