EAP_TLS proper way to use certificates

Hi, a couple of months ago I created an app that connects to WPA enterprise properly using BW16 following the example_eap.c sample. Everything was working fine till my certificate expired.

I re-issued the certificate, updated the wifi network and tested it on my Windows machine and everything was working fine. Then I updated my code on BW16 following what I thought was the same procedure I used a few months ago, but it didn’t work. I get an “eap_sm_init failed” error.

Obviously I’m doing something wrong with the certificates, so let’s see if someone can help me find out what I am doing wrong!

This is what I’ve done.

I start from my working Windows certificates called ca.cer and client.p12. Given that these formats are not supported by mbedtls I have to convert them to the proper format, so I use openssl on a Linux box.

First I convert client.p12 to client.pem, removing the key.

openssl pkcs12 -in client.p12 -out client.pem -clcerts -nokeys

Then I create a client.key out of the same client.p12 file.

openssl pkcs12 -in client.p12 -out client.key -nocerts -nodes

And now I convert the key file to RSA (probably it can be done in the previous command, but I don’t know how… :( )

openssl rsa -in client.key -out client_rsa.key

Finally I convert the ca.der to ca.pem

openssl x509 -inform der -in ca.der -out ca.pem

Now, I use the content of those files to feed the variables:

client.pem → eap_client_cert
client_rsa.key → eap_client_key
ca.pem → eap_ca_cert

Compile, download and try example_eap.c and I get this output:

init_thread(58), Available heap 0x2db60
==================== tls_start ====================

RTL8721D[Driver]: set ssid [Certi]

RTL8721D[Driver]: rtw_set_wpa_ie[1160]: AuthKeyMgmt = 0x1

RTL8721D[Driver]: rtw_restruct_sec_ie[4293]: no pmksa cached

RTL8721D[Driver]: start auth to fe:55:b8:93:a2:94

RTL8721D[Driver]: auth alg = 0

OnAuthClient:algthm = 0, seq = 2, status = 0, sae_msg_len = 0

RTL8721D[Driver]: auth success, start assoc

RTL8721D[Driver]: association success(res=1)
wlan1: 1 DL RSVD page success! DLBcnCount:01, poll:00000001
dissconn reEAP: eapason code: _sm_init fai0

ERROR: connect to AP by tls failed

==================== tls_finish ====================

Any clue?

If we manage to solve this, I think this will be a very good post to help others in WPA_Enterprise connections! Thanks!!

Have you found the problem?
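
A pre-flight check for the last step of the procedure in the first post (pasting the converted files into eap_client_cert, eap_client_key and eap_ca_cert), added here as an example and not taken from the post or the SDK. It assumes the firmware variables are assigned C string literals with \r\n line ends; the helper names, the accepted block types and the SAMPLE input are constructed for illustration.

```python
import base64
import re

# A PEM block: matching BEGIN/END labels with a base64 body in between.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

# Block types accepted per variable (an assumption of this example).
EXPECTED = {
    "eap_ca_cert": {"CERTIFICATE"},
    "eap_client_cert": {"CERTIFICATE"},
    "eap_client_key": {"RSA PRIVATE KEY", "PRIVATE KEY"},
}

# Constructed sample shaped like `openssl pkcs12 -clcerts -nokeys` output;
# the payload is a 5-byte dummy, not a real certificate.
SAMPLE = ("Bag Attributes\n    localKeyID: 01 00 00 00\n"
          "subject=CN = client\n"
          "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n")

def pem_blocks(text):
    """Return [(label, der_bytes)], ignoring text outside the PEM blocks
    (such as the 'Bag Attributes' lines that openssl pkcs12 writes)."""
    return [(label, base64.b64decode("".join(body.split()), validate=True))
            for label, body in PEM_RE.findall(text)]

def check(variable, text):
    """Return a list of problems with the text destined for `variable`."""
    try:
        blocks = pem_blocks(text)
    except ValueError as exc:  # binascii.Error subclasses ValueError
        return [f"corrupt base64: {exc}"]
    problems = []
    if len(blocks) != 1:
        problems.append(f"expected 1 PEM block, found {len(blocks)}")
    for label, der in blocks:
        if label not in EXPECTED[variable]:
            problems.append(f"unexpected block type {label!r}")
        if der[:1] != b"\x30":  # DER certs and keys start with a SEQUENCE tag
            problems.append(f"{label}: payload is not a DER SEQUENCE")
    return problems

def c_literal(variable, text):
    """Render the first PEM block as a C string assignment, \\r\\n per line."""
    label, der = pem_blocks(text)[0]
    b64 = base64.b64encode(der).decode()
    lines = [f"-----BEGIN {label}-----"]
    lines += [b64[i:i + 64] for i in range(0, len(b64), 64)]
    lines.append(f"-----END {label}-----")
    return f"{variable} =\n" + "\n".join(
        f'    "{line}\\r\\n"' for line in lines) + ";"
```

Run `check()` on the contents of client.pem, client_rsa.key and ca.pem before pasting; an `ENCRYPTED PRIVATE KEY` block in the key file means the key is still passphrase-protected.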