Startup config for no validation on CA certificates

#1

Hi there, to connect my rpi zero to the wifi here at work, I need to ask it NOT to validate the CA Certificate.

Is that possible in the wifi startup script (as editable on the SD card before startup)…?

Thanks for any help

Nick.

#9

Hi,

Can you give us more details? What CA certificate should not be validated? Do you mean the SSL connection between the device and the API?

Best regards,
Andreas

#13

Hi there,

It’s the CA certificate option I can see when I connect on my (android) phone. From Digicert blog:

“Similar to other platforms like Windows and macOS, Android maintains a system root store that is used to determine if a certificate issued by a particular Certificate Authority (CA) is trusted.”

there’s a little more info and a graphic of the phone screen at this link…

Is that enough info…?.. if not, let me know… and thanks for any help.

Regards,

Nick.

#16

Hi,

did you configure WiFi when you was adding a device / downloading an image? If so, there’s /system-connections folder in the boot partition and it contains resin-wifi file (more info at https://www.balena.io/docs/reference/OS/network/2.x/#wifi-setup).

Try to create new section [802-1x] here with system-ca-certs=false line. Does it help?

#19

@sailinghome Did you try Robert’s suggestion? Let us know if that works for you.

#20

Hi there,

I have tried all day yesterday to get it onto the wifi. The resin-wifi file is the one that I had been editing previously and the system -ca-certs=false line would seem to be correct, so I suspect that there’s another issue with the wifi information. We have three wifi systems here, one for staff, one for guests and one for BYOD. I feel sure that the BYOD wifi is my best chance at getting it online.

I’ve passed this back to the IT team for their review again.

I found the suggested ‘ca-certs’ line and much more useful info on the below link.
[https://developer.gnome.org/NetworkManager/stable/settings-802-1x.html#settings-802-1x.properties]

I’ll update again if I can get it online, and thanks again for such a simple and well implemented air quality monitoring project. :grin: