Kindle 3 WPA Supplicant

[ixtab]

Can you attach the certificate here?

Don't worry, this is not confidential information, it's a public certificate after all.

[thatworkshop]

Quote:

Originally Posted by ixtab

Can you attach the certificate here?

Don't worry, this is not confidential information, it's a public certificate after all.

They embedded the certificate inside the email (instead of giving me as a file) and it's one of things I'm suspicious about! Because I read that in order to read the cert should have a certain max number of characters in a line, which this one is not (it's in 2 big lines)!

Code:

-----BEGIN CERTIFICATE-----MIIEkjCCA3qgAwIBAgIJAMRtKfwtmk4BMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJDQTEUMBIGA1UECBMLTm92YSBTY290aWExEDAOBgNVBAcTB0hhbGlmYXgxHTAbBgNVBAoTFERhbGhvdXNpZSBVbml2ZXJzaXR5MRkwFwYJKoZIhvcNAQkBFgpub2NAZGFsLmNhMRswGQYDVQQDExJEYWxob3VzaWUgV2lyZWxlc3MwHhcNMTAwNDIwMTkyNDU2WhcNMzAwNDE1MTkyNDU2WjCBjDELMAkGA1UEBhMCQ0ExFDASBgNVBAgTC05vdmEgU2NvdGlhMRAwDgYDVQQHEwdIYWxpZmF4MR0wGwYDVQQKExREYWxob3VzaWUgVW5pdmVyc2l0eTEZMBcGCSqGSIb3DQEJARYKbm9jQGRhbC5jYTEbMBkGA1UEAxMSRGFsaG91c2llIFdpcmVsZXNzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0E6rgv8JkKHMqhd367iW1tam4x9d+ol3LEqYg3BZ8zYtM9E0vLGDsUoYBpU1+7DlOl+oGJLXeWgBphBqekJ+rPzELqLobtpcj6GZlywOVCe5joali7mlU9Pbu/K5gjieJYJgKLNhX1C0L+81ipwlFPoBJXLQFUutjNLpkVrHZn//YwRr0LKP9Wii+qHerkuMoZqGsCChO8flm0v7Ozpr6L6QV+nP/GQppq01B+5Ik7owSG5XuTxo6xmdsho+2E8j3QjYrP4V8/lX6Lm0E7GWmmH0FzHIbeE409tdU30oX/n94/E6/Z2f6eEl5CEqjIMK5w1eRjVGeiAk+J2UDa0yUwIDAQABo4H0MIHxMB0GA1UdDgQWBBTo7N3VchFP4UAYawsuYfDuS9HeiTCBwQYDVR0jBIG5MIG2gBTo7N3VchFP4UAYawsuYfDuS9!
  HeiaGBkqSBjzCBjDELMAkGA1UEBhMCQ0ExFDASBgNVBAgTC05vdmEgU2NvdGlhMRAwDgYDVQQHEwdIYWxpZmF4MR0wGwYDVQQKExREYWxob3VzaWUgVW5pdmVyc2l0eTEZMBcGCSqGSIb3DQEJARYKbm9jQGRhbC5jYTEbMBkGA1UEAxMSRGFsaG91c2llIFdpcmVsZXNzggkAxG0p/C2aTgEwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAIu4hGQEIOdNrGFLIGXlKT/R3QmVw3eZJKrdq5K9d8OWqY7cUOla1dopMhbNftySDZSyGgQ2CxxEWJkcBlh4PbmYExlT/maUsZkFkkBClB5T9iRCcjzv9KonZCAYSpYW2sRaV9Gx4GDMMiZOsxRCQuzjaXs3y99HmNcykR0rCfIVCQtQZyq6KRzt64HdO4Z1cXm8GIvhAaImWbIbmhxwgXxuQuJHa9S/HTHwk1wroe6US+P+/LEvmVBArLIWtikfEkz6pLXa7TM0JLiFOqsVs7La8eY1fxq6diM0XVvN/k5SuBOz4KneMpCBJ7EML4aTkLroYp6i+YSaaPp5OU53Y4Q==-----END CERTIFICATE-----

[ixtab]

Take this:

Code:

-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIJAMRtKfwtmk4BMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYD
VQQGEwJDQTEUMBIGA1UECBMLTm92YSBTY290aWExEDAOBgNVBAcTB0hhbGlmYXgx
HTAbBgNVBAoTFERhbGhvdXNpZSBVbml2ZXJzaXR5MRkwFwYJKoZIhvcNAQkBFgpu
b2NAZGFsLmNhMRswGQYDVQQDExJEYWxob3VzaWUgV2lyZWxlc3MwHhcNMTAwNDIw
MTkyNDU2WhcNMzAwNDE1MTkyNDU2WjCBjDELMAkGA1UEBhMCQ0ExFDASBgNVBAgT
C05vdmEgU2NvdGlhMRAwDgYDVQQHEwdIYWxpZmF4MR0wGwYDVQQKExREYWxob3Vz
aWUgVW5pdmVyc2l0eTEZMBcGCSqGSIb3DQEJARYKbm9jQGRhbC5jYTEbMBkGA1UE
AxMSRGFsaG91c2llIFdpcmVsZXNzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA0E6rgv8JkKHMqhd367iW1tam4x9d+ol3LEqYg3BZ8zYtM9E0vLGDsUoY
BpU1+7DlOl+oGJLXeWgBphBqekJ+rPzELqLobtpcj6GZlywOVCe5joali7mlU9Pb
u/K5gjieJYJgKLNhX1C0L+81ipwlFPoBJXLQFUutjNLpkVrHZn//YwRr0LKP9Wii
+qHerkuMoZqGsCChO8flm0v7Ozpr6L6QV+nP/GQppq01B+5Ik7owSG5XuTxo6xmd
sho+2E8j3QjYrP4V8/lX6Lm0E7GWmmH0FzHIbeE409tdU30oX/n94/E6/Z2f6eEl
5CEqjIMK5w1eRjVGeiAk+J2UDa0yUwIDAQABo4H0MIHxMB0GA1UdDgQWBBTo7N3V
chFP4UAYawsuYfDuS9HeiTCBwQYDVR0jBIG5MIG2gBTo7N3VchFP4UAYawsuYfDu
S9HeiaGBkqSBjzCBjDELMAkGA1UEBhMCQ0ExFDASBgNVBAgTC05vdmEgU2NvdGlh
MRAwDgYDVQQHEwdIYWxpZmF4MR0wGwYDVQQKExREYWxob3VzaWUgVW5pdmVyc2l0
eTEZMBcGCSqGSIb3DQEJARYKbm9jQGRhbC5jYTEbMBkGA1UEAxMSRGFsaG91c2ll
IFdpcmVsZXNzggkAxG0p/C2aTgEwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUF
AAOCAQEAIu4hGQEIOdNrGFLIGXlKT/R3QmVw3eZJKrdq5K9d8OWqY7cUOla1dopM
hbNftySDZSyGgQ2CxxEWJkcBlh4PbmYExlT/maUsZkFkkBClB5T9iRCcjzv9KonZ
CAYSpYW2sRaV9Gx4GDMMiZOsxRCQuzjaXs3y99HmNcykR0rCfIVCQtQZyq6KRzt6
4HdO4Z1cXm8GIvhAaImWbIbmhxwgXxuQuJHa9S/HTHwk1wroe6US+P+/LEvmVBAr
LIWtikfEkz6pLXa7TM0JLiFOqsVs7La8eY1fxq6diM0XVvN/k5SuBOz4KneMpCBJ
7EML4aTkLroYp6i+YSaaPp5OU53Y4Q==
-----END CERTIFICATE-----

For the rest of the settings you may need to experiment which parameters are correct for you. man wpasupplicant

Good luck!

[thatworkshop]

Quote:

Originally Posted by ixtab

Take this:
For the rest of the settings you may need to experiment which parameters are correct for you. man wpasupplicant
Good luck!

Yea I tried to cut it by 64 characters per line. Thanks a lot ixtab! but still this is the error I receive when I run your shell script in Kindle through usbnetworking:

Code:

unable to load certificate
18294:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: TRUSTED CERTIFICATE
date: invalid date '-00- '
sh: 1327613470: unknown operand
wpa_cli v0.6.10 Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi> and contributors This program is free software. You can distribute it and/or modify it under the terms of the GNU General Public License version 2. Alternatively, this software may be distributed under the terms of the BSD license. See README and COPYING for more details. Selected interface 'wlan0' Interactive mode > OK > OK > OK > OK > OK > OK > OK > OK > OK > OK > OK > OK <2>Trying to associate with SSID 'MY_SSID_HERE' >

Even running 'openssl x509 -in ca.pem' to verify the validity of cert gave previous error!

[ixtab]

... then you must be doing something wrong

Code:

openssl x509 -in ca.pem -noout -text

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            c4:6d:29:fc:2d:9a:4e:01
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CA, ST=Nova Scotia, L=Halifax, O=Dalhousie University/emailAddress=noc@dal.ca, CN=Dalhousie Wireless
        Validity
            Not Before: Apr 20 19:24:56 2010 GMT
            Not After : Apr 15 19:24:56 2030 GMT
        Subject: C=CA, ST=Nova Scotia, L=Halifax, O=Dalhousie University/emailAddress=noc@dal.ca, CN=Dalhousie Wireless
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:d0:4e:ab:82:ff:09:90:a1:cc:aa:17:77:eb:b8:
                    96:d6:d6:a6:e3:1f:5d:fa:89:77:2c:4a:98:83:70:
                    59:f3:36:2d:33:d1:34:bc:b1:83:b1:4a:18:06:95:
                    35:fb:b0:e5:3a:5f:a8:18:92:d7:79:68:01:a6:10:
                    6a:7a:42:7e:ac:fc:c4:2e:a2:e8:6e:da:5c:8f:a1:
                    99:97:2c:0e:54:27:b9:8e:86:a5:8b:b9:a5:53:d3:
                    db:bb:f2:b9:82:38:9e:25:82:60:28:b3:61:5f:50:
                    b4:2f:ef:35:8a:9c:25:14:fa:01:25:72:d0:15:4b:
                    ad:8c:d2:e9:91:5a:c7:66:7f:ff:63:04:6b:d0:b2:
                    8f:f5:68:a2:fa:a1:de:ae:4b:8c:a1:9a:86:b0:20:
                    a1:3b:c7:e5:9b:4b:fb:3b:3a:6b:e8:be:90:57:e9:
                    cf:fc:64:29:a6:ad:35:07:ee:48:93:ba:30:48:6e:
                    57:b9:3c:68:eb:19:9d:b2:1a:3e:d8:4f:23:dd:08:
                    d8:ac:fe:15:f3:f9:57:e8:b9:b4:13:b1:96:9a:61:
                    f4:17:31:c8:6d:e1:38:d3:db:5d:53:7d:28:5f:f9:
                    fd:e3:f1:3a:fd:9d:9f:e9:e1:25:e4:21:2a:8c:83:
                    0a:e7:0d:5e:46:35:46:7a:20:24:f8:9d:94:0d:ad:
                    32:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                E8:EC:DD:D5:72:11:4F:E1:40:18:6B:0B:2E:61:F0:EE:4B:D1:DE:89
            X509v3 Authority Key Identifier: 
                keyid:E8:EC:DD:D5:72:11:4F:E1:40:18:6B:0B:2E:61:F0:EE:4B:D1:DE:89
                DirName:/C=CA/ST=Nova Scotia/L=Halifax/O=Dalhousie University/emailAddress=noc@dal.ca/CN=Dalhousie Wireless
                serial:C4:6D:29:FC:2D:9A:4E:01

            X509v3 Basic Constraints: 
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption
        22:ee:21:19:01:08:39:d3:6b:18:52:c8:19:79:4a:4f:f4:77:
        42:65:70:dd:e6:49:2a:b7:6a:e4:af:5d:f0:e5:aa:63:b7:14:
        3a:56:b5:76:8a:4c:85:b3:5f:b7:24:83:65:2c:86:81:0d:82:
        c7:11:16:26:47:01:96:1e:0f:6e:66:04:c6:54:ff:99:a5:2c:
        66:41:64:90:10:a5:07:94:fd:89:10:9c:8f:3b:fd:2a:89:d9:
        08:06:12:a5:85:b6:b1:16:95:f4:6c:78:18:33:0c:89:93:ac:
        c5:10:90:bb:38:da:5e:cd:f2:f7:d1:e6:35:cc:a4:47:4a:c2:
        7c:85:42:42:d4:19:ca:ae:8a:47:3b:7a:e0:77:4e:e1:9d:5c:
        5e:6f:06:22:f8:40:68:89:96:6c:86:e6:87:1c:20:5f:1b:90:
        b8:91:da:f5:2f:c7:4c:7c:24:d7:0a:e8:7b:a5:12:f8:ff:bf:
        2c:4b:e6:54:10:2b:2c:85:ad:8a:47:c4:93:3e:a9:2d:76:bb:
        4c:cd:09:2e:21:4e:aa:c5:6c:ec:b6:bc:79:8d:5f:c6:ae:9d:
        88:cd:17:56:f3:7f:93:94:ae:04:ec:f8:2a:77:8c:a4:20:49:
        ec:43:0b:e1:a4:e4:2e:ba:18:a7:a8:be:61:26:9a:3e:9e:4e:
        53:9d:d8:e1

Anyway, I'm attaching it as a file now.

[thatworkshop]

Quote:

Originally Posted by ixtab

... then you must be doing something wrong
Anyway, I'm attaching it as a file now.

Yes it seems I was doing something wrong - don't know what - as apparently now I don't get any error! woohoo! Thanks a bunch ixtab!

So I turn on Wireless, connect Kindle to PC, run your script and it says everything ok! Then I open up browser, it still shows 3G (no sign of mentioning Wi-Fi) and the same nag screen that Kindle can't connect to WPA Enterprise?! Should I restart Kindle maybe for changes to take effect?

Also, I wish I was the lucky person receiving your K3 to do some hacks just kidding But anyways, I'm in love with this forum!

[ixtab]

You're welcome

As said, you sometimes need to try multiple times, turning off and on Wifi in between.

WPA-EAP is a royal bitch to get working correctly, and I was lucky enough to have an OpenWRT AP where I could run radius in debug mode, to see what went wrong. Try playing around with wpa_cli, and making absolutely sure you're using the correct parameters for your network. Other than that, I'm afraid I can't really say much more, sorry.

[hawhill]

I think in order to work correctly, the right hints are in this posting: https://www.mobileread.com/forums/sho...9&postcount=27
(but I'm not sure, because, again, this was meant for Kindle 3).

Basically, for Kindle 3 you had to convince the UI that it connected to the Wifi network itself. So in a first step, you make the SSID known to the framework by connecting to a temporarily set up infrastructure network with the SSID you plan to connect later via WPA-EAP, but in the temporary case with unprotected standard Wifi. Afterwards, you make the Kindle try and connect to the real network and start the setup script right afterwards. The framework will then think it configured the Wifi itself and will care for doing DHCP and allowing to actually use the Wifi link.

[ixtab]

On KT, this does not seem to be needed. I just tried it again -- simply running the script is enough. (Again, it may not work on the very first attempt for some reason. Turning Wifi off+on, and running the script again, works 100% for me).

PS: Don't use the built-in dialog to try to connect to the network. Simply run the script and do nothing else. If it worked, Wifi should show up after a few seconds. You might want to keep the dialog with the Wifi networks open while testing though -- if it worked, your WPA-EAP network will be shown as connected (with the checkmark).

[geekmaster]

Quote:

Originally Posted by cscat

Yes it seems I was doing something wrong - don't know what - as apparently now I don't get any error! woohoo! Thanks a bunch ixtab!
...

When you did copy/paste from the web page, did you save it with linux end of line (LF only)? If you save it with any CR (0x0D) in it, that might cause problems (typical of small versions of programs such as busybox).

[hawhill]

ixtab: So getting IP address and routing information (i.e. doing DHCP) is done automatically when the interface goes up? Or did you extend your script to also issue a call to a DHCP client?

[ixtab]

Yes, it seems to be done automatically. I poked around sometime ago, but can't remember where exactly the logic is. In any case, it's as you said: the device detects that the interface is connected, and then starts DHCP etc. by itself. It even synchronizes the time via ntp

[ubuntuser]

Hey!

Sorry for digging out the topic

I've tried this today and it worked... but only once. I could browse websites. But then i left my university (cant remember if I had turned Wifi off or not before leaving).
Turning the wifi off and on doesnt work. Restarting doesnt help.
Running the script in the terminal also.
When I type
wpa_cli list_networks
I can see the output
0 eduroam any [CURRENT]
However, I'm not connected.
When i type wpa_cli, and then quit, I get some piece of info, like that:
CTRL-EVENT-DISCONNECTED [...] reason=DISC_SCAN or DISC_REQUESTED

When i type wpa_cli status it says
Supplicant PAE state = AUTHENTICATING

Typing udhcpc -i wlan0
Sending discover...
Sending discover...
Sending discover...

Do you have any ideas? I must say its highly inconvinient to change my home BSSID. I did it once and I dont want to do this more often. If eduroam is on my list_networks list, why it doesnt connect automaticaly? Is there a way to connect skipping GUI? Maybe I should dbus-send a message that im connected