Problem authenticating WPA2 network: OpenSSL rejects certificate

Jouni Malinen j at
Tue Oct 5 14:31:32 EDT 2010

On Tue, Oct 05, 2010 at 03:17:48PM +0200, Berend Dekens wrote:
> The certificate failing is GTE_CyberTrust_Global_Root.pem, which is
> installed by default on all computers with OpenSSL I think. But even
> without pointing to a specific certificate (so it can search all
> available certificates on my system) it fails.
> A colleague running Ubuntu provides the same options and he logs in just
> fine. I tried downgrading to wpa_supplicant 0.6.10 (same version he
> uses) and I compared the PEM file on both systems, both are identical.
> So why can he log in with the 'ca_cert' option and I can't? I am using
> Gentoo and he is using Ubuntu...

wpa_supplicant does not have much control on this part when using
OpenSSL.. Maybe your OpenSSL build has some options that disallows this
particular certificate for some reason. For example, disabling use of
MD5 as certificate hash algorithm would be good from security view
point, but it would result in number of interop issues with old root
certificates that are still in use.

Jouni Malinen                                            PGP id EFC895FA

More information about the HostAP mailing list