# Wifi with WPA-EAP and radius (open)

## Tanisete

Hi to all!!

I've been trying to set up a wifi AP with WPA-EAP, but something is failing. I've tried to read the guides described in the gentoo-wiki, but there must be something I'm doing wrong. It's my first experience with this... The error I receive from wpa_supplicant is this:

```
Association request to the driver failed
Associated with 00:11:95:0a:30:00
CTRL-EVENT-EAP-STARTED EAP authentication started
OpenSSL: pending error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
OpenSSL: pending error: error:140C800D:SSL routines:SSL_use_certificate_file:ASN1 lib
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
TLS: Certificate verification failed, error 18 (self signed certificate) depth 0 for '/C=xxx/ST=xxxx/L=xxxx/O=xxxx/OU=xxxx/CN=xxxx'
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
OpenSSL: tls_connection_handshake - SSL_connect error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
CTRL-EVENT-EAP-FAILURE EAP authentication failed
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
```

This is wpa_supplicant.conf:

```
network={
        ssid="xxx"
        key_mgmt=WPA-EAP
        identity="yyyy"
        ca_cert="/etc/wpa_supplicant/root.pem"
        client_cert="/etc/wpa_supplicant/cert-clt.pem"
        private_key="/etc/wpa_supplicant/cert-clt.pem"
        private_key_passwd="xxxxx"
}
```

And this is my eap.conf from freeradius in the tls section:

```
tls {
        private_key_password = xxxxx
        private_key_file = /etc/1x/cert-srv.pem

        #  If Private key & Certificate are located in
        #  the same file, then private_key_file &
        #  certificate_file must contain the same file
        #  name.
        certificate_file = /etc/1x/cert-srv.pem

        #  Trusted Root CA list
        CA_file = /etc/1x/root.pem

        dh_file = /etc/1x/dh
        random_file = /dev/urandom
}
```

What am I doing wrong?

Thanks a lot for the help!!

----------

## linuxbum

Tanisete.

What did you put in /etc/conf.d/net?

```
modules_eth*=( "wpa_supplicant" )

# if above 2.6.13 kernel, if I remember right
wpa_supplicant_eth*="-Dwext"
```

----------

## cazze

Did you ever find the solution to this problem?

----------

## ScarletPimpFromHell

Self-signed certificates are treated very harshly by some applications, and I noticed that the wifi supplicant is starting a TLS (Transport Layer Secure) session with a self-signed certificate.

You may have to reconfigure (possibly recompile) your radius server and/or SASL libraries to support self-signed certificates.

Just a thought.

----------
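
The supplicant log in the first post ends with `error 18 (self signed certificate) depth 0` followed by `unknown CA`, which is what OpenSSL reports when the certificate the server presents is self-signed and does not chain to the file given as `ca_cert`. The script below is an added example, not code from any poster in this thread; it reproduces that check offline with `openssl verify`, and every certificate, subject and file name in it is constructed for the demo.

```shell
#!/bin/sh
# Added example. Every certificate, subject and file name here is constructed.

# check_chain CA_FILE CERT_FILE: succeeds only if CERT_FILE chains to CA_FILE.
check_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# verify_reason CA_FILE CERT_FILE: print OpenSSL's verdict and error number.
verify_reason() {
    openssl verify -CAfile "$1" "$2" 2>&1
}

# make_demo_pki DIR: build a root CA, a server certificate issued by it, and a
# stand-alone self-signed server certificate (the failing case).
make_demo_pki() {
    d=$1
    # Root CA: the role played by the file named in ca_cert= / CA_file
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    # Server key and signing request, then a certificate issued by the root
    openssl req -newkey rsa:2048 -nodes -subj "/CN=radius.example" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
    openssl x509 -req -in "$d/srv.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 1 -out "$d/srv-signed.pem" 2>/dev/null
    # Server certificate that signs itself and is unknown to the root
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=radius.example" \
        -keyout "$d/self.key" -out "$d/srv-selfsigned.pem" 2>/dev/null
}

# Demo run: the first check passes, the second fails with error 18 at depth 0.
demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
echo "server cert issued by the root:"
verify_reason "$demo_dir/root.pem" "$demo_dir/srv-signed.pem" || true
echo "self-signed server cert:"
verify_reason "$demo_dir/root.pem" "$demo_dir/srv-selfsigned.pem" || true
rm -rf "$demo_dir"
```

With the files from the first post, the same check is `verify_reason /etc/wpa_supplicant/root.pem /etc/1x/cert-srv.pem`, run on a machine that holds both files.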

