Outdated certificate Thawte_Premium_Server_CA.pem
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
network-manager (Ubuntu) |
Expired
|
Undecided
|
Unassigned |
Bug Description
Release : Kubuntu 11.04
Version of package: unknown package
What I expected: Connect to WPA wireless
What happened: Found problem with Thawte_
I am posting here even though this is Kubuntu 11.04 because this may be a problem which exists in Ubuntu 11.04 also.
I installed Kubuntu 11.04 yesterday from an iso which was created about 5 days ago. All available updates were installed also. I can access WEP and non-secured networks with no problems, however my workplace wifi which uses WPA PEAP with MSCHAPV2 was unable to connect. The certificate used at my workplace is Thawte_
At first, I thought that the problem may have been with the KDE network manager, and so I uninstalled it and installed WICD since this had solved issues like this in the past. However, I got the same problem.
I then went on the Thawte website and downloaded a copy of the latest version of Thawte_
For the original version (the one supplied with Kubuntu 11.04) I get this:
>openssl x509 -text -in Thawte_
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncry
Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server <email address hidden>
Validity
Not Before: Aug 1 00:00:00 1996 GMT
Not After : Dec 31 23:59:59 2020 GMT
Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server <email address hidden>
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:d2:36:
38:ee:49:
48:35:3a:
86:8d:9e:
21:51:d8:
cb:97:2a:
6e:da:11:
b6:46:53:
8d:f4:42:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: md5WithRSAEncry
26:48:2c:
c9:78:60:
08:85:fc:
c1:c6:11:
6e:d5:b7:
a4:ae:3f:
32:71:07:
14:42
-----BEGIN CERTIFICATE-----
MIIDJzCCApCgAwI
FTATBgNVBAgTDFd
VQQKExRUaGF3dGU
biBTZXJ2aWNlcyB
dmVyIENBMSgwJgY
MB4XDTk2MDgwMTA
MRUwEwYDVQQIEwx
A1UEChMUVGhhd3R
b24gU2VydmljZXM
cnZlciBDQTEoMCY
bTCBnzANBgkqhki
VdbQ7xwblRZH7xh
ug2SBhRz1JPLlyo
uHM/qgeN9EJN50C
9w0BAQQFAAOBgQA
hfzJATj/
pAwSremkrj/
-----END CERTIFICATE-----
For the new downloaded version I get :
>openssl x509 -text -in Thawte_
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
36:12:22:
Signature Algorithm: sha1WithRSAEncr
Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server <email address hidden>
Validity
Not Before: Aug 1 00:00:00 1996 GMT
Not After : Jan 1 23:59:59 2021 GMT
Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server <email address hidden>
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:d2:36:
38:ee:49:
48:35:3a:
86:8d:9e:
21:51:d8:
cb:97:2a:
6e:da:11:
b6:46:53:
8d:f4:42:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha1WithRSAEncr
65:90:ac:
6b:d4:39:
b8:5d:63:
2b:02:84:
b8:ec:b1:
82:75:8c:
a4:4d:8e:
2e:4d
-----BEGIN CERTIFICATE-----
MIIDNjCCAp+
zjELMAkGA1UEBhM
Q2FwZSBUb3duMR0
CxMfQ2VydGlmaWN
d3RlIFByZW1pdW0
cnZlckB0aGF3dGU
gc4xCzAJBgNVBAY
CUNhcGUgVG93bjE
BAsTH0NlcnRpZml
YXd0ZSBQcmVtaXV
ZXJ2ZXJAdGhhd3R
aovXwlue2oFBYo8
ZXUCTe/
+ao6hnO2RlNYyIk
BAUwAwEB/
CSLGpmODA/
IPG47LHlVYCsPVL
WuFg3GQjPEIuTQ==
-----END CERTIFICATE-----
The first thing that caught my attention was the serial number, and then the signature algorithm. The version supplied with Kubuntu is not the same as that supplied by the official website. Once I installed the new version that I had just downloaded, WICD was able to connect to my workplace network with no problems.
It might be worth looking at all the certs and making sure they are up to date.
tags: | added: kubuntu natty ssl |
affects: | ubuntu → network-manager (Ubuntu) |
Changed in network-manager (Ubuntu): | |
status: | New → Incomplete |
Small update:
I just installed Ubuntu 11.04 on another computer and checked the certificates. The default certificate works fine (the one with md5, the original one from kubuntu) and I am able to connect easily to the WPA. So maybe this is an issue with the network managers running under kubuntu.