802.1x auth with wpa_supp?

Jouni Malinen jkmaline
Sun Oct 3 19:36:10 PDT 2004

On Sat, Sep 25, 2004 at 09:29:05PM +1200, Morgan Read wrote:

> I've had some feed back from my uni on this.  Apparently the server cert 
> was changed a few weeks back and it can no longer be verified (nice 
> work).  Now people are turning the verification option off in windows & 
> linux/xsupplicant - How do I turn verification off in wpa_supplicant?

EAP-PEAP requires server certificate verification to avoid
man-in-the-middle attacks. If you don't care about security, you can
remove the ca_cert configuration from wpa_supplicant.conf to make
wpa_supplicant not verify the certificate.

> Another suggestion was that I need to regenerate my key?  The one I'm 
> using was generated for xsupplicant - can anybody give me a basic "one 
> two" on using ssh-keygen or openssl to correctly generate a private key 
> for wpa_supplicant?  I've had this in the back of my mind for a while 
> but not found any info on it.

Which key?? I thought you were using EAP-PEAP which does not usally use
client key.. Is this not the case?

> Copy of recent debug output attached FYI (interesting bit's 35-45 lines 
> from end).

Looks like you are trying to load an invalid private key. I don't know
why you would be using it in the first place with EAP-PEAP, though..

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list