Comment 75 for bug 272185

LarryGrover (lgrover) wrote : Re: [Intrepid] iwl3945 + iwl4965 -- network-manager will not connect to a WPA EAP (Enterprise) network (disassociating by local choice (reason=3) )

Even after updating to new network-manager and network-manager-gnome, I'm still having problems using a CA certificate. If I add my University's certificate (through the nm-applet dialog) then I get an error in wpa_supplicant.log, and the connection fails:

CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
TLS: Certificate verification failed, error 19 (self signed certificate in certificate chain) depth 2 for '/DC=edu/DC=marshall/CN=Marshall University Root CA'
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
OpenSSL: tls_connection_handshake - SSL_connect error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
CTRL-EVENT-EAP-FAILURE EAP authentication failed

If I delete the CA cert from the applet setup, then I get a pop-up window warning that not using a CA certificate can result in connections to insecure networks, etc., but if I click through the warning (click the Ignore button), then I do connect successfully, and wpa_supplicant.log shows:

Trying to associate with 00:16:9c:93:c9:b0 (SSID='MU WiFi' freq=2462 MHz)
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully (based on lower layer success)
WPA: EAPOL-Key Replay Counter did not increase - dropping packet
Associated with 00:16:9c:93:c9:b0
WPA: Key negotiation completed with 00:16:9c:93:c9:b0 [PTK=CCMP GTK=CCMP]
CTRL-EVENT-CONNECTED - Connection to 00:16:9c:93:c9:b0 completed (reauth) [id=0 id_str=]

So it's working, sort of, but I can't use the CA cert from my University.

I tried Björn Torkelsson's suggestion (add CA cert to /etc/ssl/certs/ and run 'update-ca-certificates --fresh') but that didn't seem to make any difference.