Enterprise Security: need a working working example of the join_ent command from the test.console app

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
MaMe_1509466
Level 4
Level 4
25 replies posted 10 replies posted 5 replies posted

nsankar​ or vik86

Do either of you have a working example of the join_ent command from the test.console app?

I get the following error after compiling in a known good key and certificate.

> join_ent sw-rnd3 eap_tls <user name> <password> wpa2

Joining : sw-rnd3

Supplicant received link event

Supplicant error 6011

Failed to join : sw-rnd3

Joining : sw-rnd3

Failed to join : sw-rnd3

Joining : sw-rnd3

Failed to join : sw-rnd3

Join result 1025: Some part of the join process did not complete

0 Likes
1 Solution

EAP-TLS connection is working now. The culprit was a certificate and key that

was generated on a Windows 8 machine. When the key and

certificate regenerated on a Windows 7 machine was used, the connection

worked. Thank you.

View solution in original post

0 Likes
9 Replies
MaMe_1509466
Level 4
Level 4
25 replies posted 10 replies posted 5 replies posted

Here is an update. This was run on 3.6.2.

ssl_handshake_client_async is returning 0xfc00

 

Console app

> join_ent sw-rnd3 eap_tls wpa2

Joining : sw-rnd3

Supplicant received link event

TLS handshake failed

Supplicant received link eventFailed to join : sw-rnd3

Joining : sw-rnd3

Supplicant received link event

TLS handshake failed

Supplicant received link eventFailed to join : sw-rnd3

Joining : sw-rnd3

Supplicant received link event

TLS handshake failed

Supplicant received link eventFailed to join : sw-rnd3

Join result 1007:

Supplicant error 2

0 Likes

markmendelsohn

Do you change any thing in test.console source package ?

If not! It fail as expected!

Do you import the root CA used by test.console into your radius server ?

And do you replace root CA in your test.console with root CA of your radius server ?

All mention above is locate in libraries/utilities/command_console/wifi/certificate.h !

As previously mentioned, know good keys and certificates were tested

on Android, iOS and OSX. These were then added to the certificate.h

file, rebuilt and downloaded into Dev kit for testing,

0 Likes

Still more info:

The x509parse_key is failing as returned up from rsa_check_privkey library function.

  Our keys are good because they work on Windows. Android, OS X and IOS. They

were generated by the Windows Server. So there must be a specific type of key

the routine is looking for.

0 Likes

markmendelsohn

I wanted to let you know that the developers are looking into this issue.

0 Likes

EAP-TLS connection is working now. The culprit was a certificate and key that

was generated on a Windows 8 machine. When the key and

certificate regenerated on a Windows 7 machine was used, the connection

worked. Thank you.

0 Likes

Thanks for reporting the solution back to the thread markmendelsohn

0 Likes

markmendelsohn wrote:

EAP-TLS connection is working now. The culprit was a certificate and key that

was generated on a Windows 8 machine. When the key and

certificate regenerated on a Windows 7 machine was used, the connection

worked. Thank you.

This is a good finding, but it means something the SDK needs to address.

Asking a win8 user to downgrade OS to win7 is generally not an option.

0 Likes