Hello,
> I'm currently trying to authenticate using EAP-TLS using smartcard with
> wpa_supplicant and I get this error:
> 
> OpenSSL: tls_connection_engine_private_key - Private key failed
> verification error:140A30B1:SSL routines:SSL_check_private_key:no
> certificate assigned
> 
> I got some messages "Error: can't open /var/run/openct/status: No such
> file or directory" but I get these messages always when I use my
> smartcard reader (and it works).
> 
Looks like you have not configured an X509 private key certificate.

> plain text document attachment (wpa_supplicant.conf)
> ctrl_interface=/var/run/wpa_supplicant
> ctrl_interface_group=0
> eapol_version=1
> fast_reauth=1
> pkcs11_engine_path=/usr/lib/engines/engine_pkcs11.so
> pkcs11_module_path=/usr/lib/opensc-pkcs11.so
> 
> network={
>         ssid="*****"
>         key_mgmt=WPA-EAP
>         eap=TLS
>         proto=WPA
>         pairwise=TKIP
>         group=TKIP
>         identity="[EMAIL PROTECTED]"
>         ca_cert="/etc/wpa_supplicant/CA_CATCertPP_GlobalTrust.crt"
>         #client_cert="/etc/cert/user.pem"
I'm not sure, but this may be the place to configure the certificate.
You should have your private key certificate. This certificate may be
located in a plain file. To check that your certificate certifies the proper
private key, you may do something like this (test example):

$ openssl rsa -engine chil -in rsa-test2 -inform engine -modulus -noout
engine "chil" set.
Modulus=D14731D19EF32A3D458EE61B219A0E019...
$ openssl x509 -in rsa-test2-crt.pem -modulus -noout
Modulus=D14731D19EF32A3D458EE61B219A0E019

and you should get the same numbers.

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
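
The check described in the reply above, as an added example that is not part of the original message: it compares the certificate's whole public key with the one derived from the private key, a generalization of the modulus comparison that also covers non-RSA keys. It assumes the key is readable from a PEM file rather than through an engine; the file names and the CN are constructed test values.

```shell
#!/bin/sh
# Added example: does a certificate certify a given private key?
# Compares the full public key, so it is not limited to RSA moduli.

# Public key (PEM SubjectPublicKeyInfo) carried in a certificate.
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key derived from a private key file.
pubkey_of_key() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
# The explicit error case matters: two failed reads would otherwise
# compare as two equal empty strings and look like a match.
cert_matches_key() {
    cert_pub=$(pubkey_of_cert "$1") || return 2
    key_pub=$(pubkey_of_key "$2") || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Constructed test material: a throwaway self-signed certificate with its
# key, plus an unrelated second key. File names are hypothetical.
make_test_material() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-test" \
        -keyout "$1/user.key" -out "$1/user.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# Turn the return code into a one-word verdict.
report() {
    rc=0
    cert_matches_key "$1" "$2" || rc=$?
    case $rc in
        0) echo "match" ;;
        1) echo "MISMATCH" ;;
        *) echo "error" ;;
    esac
}

workdir=$(mktemp -d)
make_test_material "$workdir"
echo "user.crt vs user.key:  $(report "$workdir/user.crt" "$workdir/user.key")"
echo "user.crt vs other.key: $(report "$workdir/user.crt" "$workdir/other.key")"
echo "user.crt vs missing:   $(report "$workdir/user.crt" "$workdir/none.key")"
rm -rf "$workdir"
```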
