How to view WPA server's certificate?

[Dan Williams]

On Wed, 2008-11-26 at 16:32 +0200, Jouni Malinen wrote:
> On Wed, Nov 26, 2008 at 01:47:26AM -0500, Matt McCutchen wrote:
> 
> > I am using wpa_supplicant via NetworkManager to connect to my
> > university's WPA Enterprise wireless network.  The wireless server
> > certificate is signed by the ThawtePremiumServerCA, which I configured
> > as the CA.  I'd like to dump the server certificate to a file so I can
> > inspect it.  Is there an easy way to do this?  If not, I might code one
> > up to use myself and to offer to the project.
> 
> There is no such feature in wpa_supplicant, but it should be relatively
> simple thing to add. The server certificate is available in
> tls_verify_cb() in src/crypto/tls_openssl.c (assuming you are using
> OpenSSL). wpa_supplicant is now just printing out the subject name of
> the certification, but you could dump the full certificate (or a
> fingerprint, etc.) here, too.

This is something we'd like to do in NetworkManager when the
functionality becomes available in the supplicant.  I think both Mac OS
X and Windows do this, but we'll want to also implement a real
certificate store (like NSS or whatever) first, so that there's one
single place where this stuff lives.

Dan