Command Line setting VPN with NetWorkManager using nmcli when Server Certificate is untrusted

mahdiaqallal · March 24, 2024, 7:43pm

On Fedora Workstation Live I am launching a NetWorkManager VPN with nmcli connection up
included in a script

In another thread was a reference to NetworkManager Reference Manual.
But I found nothing related to forcing untrusted certificates

I need this strp in the script to work without user interaction

Meanwhile if I select “I really know what I am doing” and then “Connect” anyway it’s to late with an error “Connection unsuccessful - Time Out”

Any hints ?

vgaetera · March 24, 2024, 9:06pm

You can manually create a working connection and check its settings:

nmcli connection show
PAGER= nmcli connection show CONNECTION

Then compare the output with the one created by your script.
Deploy the certificate file together with your script or include it as PEM.

Some VPN types also support the export/import feature:

nmcli connection export VPN_CONNECTION FILE
nmcli connection import type VPN_TYPE file FILE

If the issue persists, try adding this certificate to the trusted storage:
Using Shared System Certificates :: Fedora Docs

Topic		Replies	Views
Unable to connect to OpenVPN using nmcli Ask Fedora f35 , networking , silverblue	3	4635	November 26, 2021
NetworkManager bug Ask Fedora networkmanager , workstation , f41	4	361	November 19, 2024
Cannot connect to IKEv2 VPN on Fedora 33 - No trusted RSA public key found Ask Fedora f33 , vpn , networking , gnome	34	6830	November 5, 2024
I can't add a VPN in Fedora 36 Ask Fedora f36	5	2551	November 1, 2022
Unable to load VPN connection editor (vpnc) Ask Fedora f42	3	631	May 4, 2025