entd: Upon finding multiple matching certs, pick one
Instead of erroring out like there are no certs when multiple exist,
pick one assuming all are the same. This may help some users who
get in cycles of needing to reinstall certs on every logout/login.
I think flimflam multiprofile will also fix them since Google-A
doesn't need to be re-setup every time you log in by entd.
1) it shows correct status when only one cert is installed
2) it shows "Installed." when multiple certs are installed
To install multiple certs:
Install certificate as usual
openssl pkcs12 -in /home/chronos/user/Downloads/clientCert.p12 -out file.pem
// split file.pem into a .crt and .key file by hand (pem format)
openssl rsa -in /tmp/foo.key -out /tmp/foo.keyder -outform der
openssl x509 -in /tmp/foo.crt -out /tmp/foo.der -outform der
pkcs11-tool --module=/usr/lib/opencryptoki/PKCS11_API.so -O -p 111111 -y privkey -w /tmp/foo.keyder -a 'whatever' -d 03
pkcs11-tool --module=/usr/lib/opencryptoki/PKCS11_API.so -O -p 111111 -y cert -w /tmp/foo.der -a 'whatever' -d 03
Unfortunately this installs a cert that won't work with Google-A. In my testing, I believe WPA supplicant is picking
that cert and reject occurs.
Reviewed-by: Robert Ginda <firstname.lastname@example.org>
Reviewed-by: Ken Mixter <email@example.com>
Tested-by: Ken Mixter <firstname.lastname@example.org>
1 file changed