GNOME Bugzilla – Bug 698575
Save WPA2 ca certificate somewhere
Last modified: 2015-06-15 08:46:07 UTC
A certificate for WPA2 enterprise is a part of a network setup, yet user should store the file somewhere by himself, with the possibility of deleting it accidentally, after which the connection will become unusable (no errors will be reported, just fail to connect). Also, if user is creating a connection "for everybody" it's not correct to store crt file inside user's home folder, as it's part of the system now. Yet, user doesn't have a permission to write anywhere outside his home folder, which can make it impossible for him to create a WPA2ent connection "for everybody", even if he's allowed to do it by polkit.
The longer-term fix for this is to require the user to import the certificate to a system-level certificate store, and then NM just tells the supplicant to use the system certificate store for validation. The shorter term fix might involve copying certificates the user picks to some directory in ~. At least in SELinux, certain directories in ~ are tagged to allow processes like wpa_supplicant to read from and so if you don't put the certificate there, then things fail due to permissions errors.
I'm closing this as a duplicate of bug 689818. *** This bug has been marked as a duplicate of bug 689818 ***