Problem authenticating WPA2 network: OpenSSL rejects certificate

Berend Dekens wpa at
Tue Oct 5 09:17:48 EDT 2010

 On 05/10/10 14:32, Jouni Malinen wrote:
>> I am confused as to what is failing, according to the manual, the
>> ca_cert should point to a folder or file holding the trusted CA. So why
>> is wpa_supplicant complaining about not being able to validate the
>> certificate? It *is* the CA...
> It sounds like the certificate file you are using may not match with the
> certificate chain provided by the authentication server. Without seeing
> the actual certificates, it is difficult to say whether that is indeed
> the case, though.
The certificate failing is GTE_CyberTrust_Global_Root.pem, which is
installed by default on all computers with OpenSSL I think. But even
without pointing to a specific certificate (so it can search all
available certificates on my system) it fails.

A colleague running Ubuntu provides the same options and he logs in just
fine. I tried downgrading to wpa_supplicant 0.6.10 (same version he
uses) and I compared the PEM file on both systems, both are identical.

So why can he log in with the 'ca_cert' option and I can't? I am using
Gentoo and he is using Ubuntu...

More information about the HostAP mailing list