Problem authenticating WPA2 network: OpenSSL rejects certificate

Berend Dekens wpa at
Wed Oct 6 07:45:12 EDT 2010

 On 05/10/10 20:31, Jouni Malinen wrote:
> wpa_supplicant does not have much control on this part when using
> OpenSSL.. Maybe your OpenSSL build has some options that disallows this
> particular certificate for some reason. For example, disabling use of
> MD5 as certificate hash algorithm would be good from security view
> point, but it would result in number of interop issues with old root
> certificates that are still in use.
I verified the certificate with openssl and rebuild openssl with every
option available (and ofcourse recompiled wpa_supplicant afterwards).
Nothing helped.

This bug is known in Ubuntu as
and others have it as well. This italian user found the same 'solution'
as I did: disable the verification altogether by removing the ca_cert

Since OpenSSL attempts to verify the certificate itself (which is
impossible as it is the root CA), it looks to me like a bug in
wpa_supplicant or OpenSSL. Afaik it is impossible to verify a root CA
certificate as there is nobody able to 'claim' the certificate as being
signed by them.

More information about the HostAP mailing list