Fedora

From 36C3 Wiki

Static:Network/802.1X client settings

Network/802.1X client settings

German English

Das stets angegeben öffentliche Zertifikat /etc/ssl/certs/DST_Root_CA_X3.pem ist Bestandteil von /etc/ssl/certs/ca-bundle.crt.

grep "DST Root CA X3" /etc/ssl/certs/ca-bundle.crt
# DST Root CA X3

Daher einfach /etc/ssl/certs/ca-bundle.crt als CA certificate verwenden.

The given public certificate /etc/ssl/certs/DST_Root_CA_X3.pem is part of /etc/ssl/certs/ca-bundle.crt.

grep "DST Root CA X3" /etc/ssl/certs/ca-bundle.crt
# DST Root CA X3

So just use /etc/ssl/certs/ca-bundle.crt as CA certificate.

Anstatt in der Datei /etc/NetworkManager/system-connections/36C3 wird die Konfiguration der Verbindung in der Datei /etc/sysconfig/network-scripts/ifcfg-36C3 abgelegt. (Der Wert fater (beim Schlüssel IEEE_8021X_IDENTITY) ist ein beispielhafter Eintrag für eine mögliche Identität. Der Wert beim Schlüssel UUID ergab sich auch "irgendwie".)

cat /etc/sysconfig/network-scripts/ifcfg-36C3
ESSID=36C3
MODE=Managed
KEY_MGMT=WPA-EAP
MAC_ADDRESS_RANDOMIZATION=default
TYPE=Wireless
IEEE_8021X_EAP_METHODS=TTLS
IEEE_8021X_IDENTITY=fater
IEEE_8021X_INNER_AUTH_METHODS=PAP
IEEE_8021X_CA_CERT=/etc/ssl/certs/ca-bundle.crt
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=36C3
UUID=e6d275ad-5bce-5c6b-ac61-abf9cef47050
ONBOOT=yes

(needs to be edited) Instead of being placed into the file /etc/NetworkManager/system-connections/36C3 the configuration of the connection will be placed into /etc/sysconfig/network-scripts/ifcfg-36C3. (The value fater (at key IEEE_8021X_IDENTITY) is an example entry for a possible identity. The value at key UUID also resulted in "somehow".)

cat /etc/sysconfig/network-scripts/ifcfg-36C3
ESSID=36C3
MODE=Managed
KEY_MGMT=WPA-EAP
MAC_ADDRESS_RANDOMIZATION=default
TYPE=Wireless
IEEE_8021X_EAP_METHODS=TTLS
IEEE_8021X_IDENTITY=fater
IEEE_8021X_INNER_AUTH_METHODS=PAP
IEEE_8021X_CA_CERT=/etc/ssl/certs/ca-bundle.crt
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=36C3
UUID=e6d275ad-5bce-5c6b-ac61-abf9cef47050
ONBOOT=yes