Comment 1 for bug 884612

Confirmed; this needs further triage. I know for sure there is at least one other bug about what certificates are accepted (and frankly we should accept all the ones we possibly can, without need to convert). There's some checking of whether the certificate is understandable before passing it to the next layer (wpasupplicant or VPNs); and that's usually what's failing rather than the next layer.

We should do a careful round of testing with various kinds of certificates to make sure all the possibilities work.

Patrick; any chance you could provide a sample certificate built the same way as the ones you use (though not the same certificate, for obvious security reasons), so that we can get the actual format right? It's a DER, but the headers in the text format are usually different between actual formats.