Thanks for the bug report.  I think this may a duplicate of either bug 3867 or
bug 6101 (or both), can you confirm?

(In reply to comment #1)
> Thanks for the bug report.  I think this may a duplicate of either bug 3867 or
> bug 6101 (or both), can you confirm?

Yes, all three reports are refering to same bug: WLAN setup does not give a
list of certificates when using EAP. (PEAP,TLS,TTLS all have same problem)

Resulting all people whose organization is using certificates in their WLAN
unable to access it. (like me...)

Comment 3 Juhani Mäkelä 2009-11-23 15:29:26 UTC

(In reply to comment #2)
> Yes, all three reports are refering to same bug: WLAN setup does not give a
> list of certificates when using EAP. (PEAP,TLS,TTLS all have same problem)
> Resulting all people whose organization is using certificates in their WLAN
> unable to access it. (like me...)

This should work. For PEAP authentication you need a client certificate and the
related private key. These are usually installed from a PKCS#12 package. If
it's not too much work, could you please do the following?
- Open xterm
- Run command "cmcli -p wifi-user -L -K" (please attach the output)
- Check that in the output there is a line where the second word matches the
supposed PEAP username (the client certificate)
- Check that there is a one-word line that matches the hexstring at the line
where there is the username (the private key)

Also, it seems that if the password protection is removed from the private key,
the PEAP authentication stops working. The workaround is to restore password
protection by the "Password" button in the client certificate details by the
certificate manager.

Comment 4 Andre Klapper 2009-11-24 20:51:20 UTC

moreinfo as per last comment.

@Juhani: Just drop me a line here if you think that I should import this into
Nokia's internal bugtracker. For more info: http://wiki.maemo.org/Bugs:Cloning

(In reply to comment #3)
> (In reply to comment #2)
> > Yes, all three reports are refering to same bug: WLAN setup does not give a
> > list of certificates when using EAP. (PEAP,TLS,TTLS all have same problem)
> > Resulting all people whose organization is using certificates in their WLAN
> > unable to access it. (like me...)
> 
> This should work. For PEAP authentication you need a client certificate and the
> related private key. These are usually installed from a PKCS#12 package. If
> it's not too much work, could you please do the following?
> - Open xterm
> - Run command "cmcli -p wifi-user -L -K" (please attach the output)
> - Check that in the output there is a line where the second word matches the
> supposed PEAP username (the client certificate)
> - Check that there is a one-word line that matches the hexstring at the line
> where there is the username (the private key)
> 
> Also, it seems that if the password protection is removed from the private key,
> the PEAP authentication stops working. The workaround is to restore password
> protection by the "Password" button in the client certificate details by the
> certificate manager.
> 

Hi, sorry for long delay.

I dont get any output from the command.

BR,

Janne

Comment 6 Juhani Mäkelä 2009-12-04 16:25:25 UTC

> Hi, sorry for long delay.
> I dont get any output from the command.

That's OK. This means then that you do not have a client certificate installed
(for Wifi-purpose anyway), and hence it's perfectly natural that the WLAN
Connection setup shows you an empty list of client certificates to choose from.

So the question is, is there some variation of the PEAP/MSCHAPv2 authentication
that's supposed to work without client certificates. I don't know, maybe Janne
does. But if the access point requires a client certificate, than you must have
one in order to get authenticated.

(In reply to comment #6)
> > Hi, sorry for long delay.
> > I dont get any output from the command.
> 
> That's OK. This means then that you do not have a client certificate installed
> (for Wifi-purpose anyway), and hence it's perfectly natural that the WLAN
> Connection setup shows you an empty list of client certificates to choose from.
> 
> So the question is, is there some variation of the PEAP/MSCHAPv2 authentication
> that's supposed to work without client certificates. I don't know, maybe Janne
> does. But if the access point requires a client certificate, than you must have
> one in order to get authenticated.
> 

(In reply to comment #6)
> > Hi, sorry for long delay.
> > I dont get any output from the command.
> 
> That's OK. This means then that you do not have a client certificate installed
> (for Wifi-purpose anyway), and hence it's perfectly natural that the WLAN
> Connection setup shows you an empty list of client certificates to choose from.
> 
> So the question is, is there some variation of the PEAP/MSCHAPv2 authentication
> that's supposed to work without client certificates. I don't know, maybe Janne
> does. But if the access point requires a client certificate, than you must have
> one in order to get authenticated.
> 

Hi,

First of all. I am now able to connect eduroam with my N900. It works. 

The cause of mixup was: In all the eduroam configuration guides, you need to
choose CA certificate (for example in: http://www.eduroam.no/klient/nokia.html
)
But in N900 all root certificates works (I assume) without selecting the one
needed.

The real problem for me was that in EAP PEAP MSCHAPv2 you need to define user
name twice (username is also in advanced settings and there was a mismatch in
my case...)

So I can verify that eduroam works with N900 and Maemo 5.0.

Kiitos ja anteeksi :-)

T:Janne

Comment 8 Janne Ylälehto 2009-12-07 09:48:58 UTC

(In reply to comment #7)
> (In reply to comment #6)
> > > Hi, sorry for long delay.
> > > I dont get any output from the command.
> > 
> > That's OK. This means then that you do not have a client certificate installed
> > (for Wifi-purpose anyway), and hence it's perfectly natural that the WLAN
> > Connection setup shows you an empty list of client certificates to choose from.
> > 
> > So the question is, is there some variation of the PEAP/MSCHAPv2 authentication
> > that's supposed to work without client certificates. I don't know, maybe Janne
> > does. But if the access point requires a client certificate, than you must have
> > one in order to get authenticated.

Confirming that both ways can be used, with and without client certificate.

> But in N900 all root certificates works (I assume) without selecting the one
> needed.

Yes, we thought that is more user friendly :)

>> So I can verify that eduroam works with N900 and Maemo 5.0.
> Kiitos ja anteeksi :-)
> T:Janne

No problem. Good that you can use it now.

Br, Janne Y.

Comment 9 Andre Klapper 2010-06-28 10:24:24 UTC

Closing as WORKSFORME as per last comments.

i have the exact same issue. i have a certificate installed. put all options
for my WLAN. i have to choose a certificate and i get nothing in the list.

i checked if it is in the certificate manager it appears but not listed.

i tried the command posted here and i got nothing. This is definitely a bug!