wpa_supplicant using EAP-TTLS problem

Bryan Kadzban bryan
Wed Nov 7 15:46:06 PST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

??? wrote:
> http://linux.die.net/man/5/wpa_supplicant.conf
> 
> At the bottom of this page, it describes the certificates. But I have
> one question, where does the file "example.pfx" come from?

Either you create it, or you receive it from whoever you get the cert
signed by (e.g. your company's IT group if it's a company certificate
structure, or a public CA if you want to pay per cert).  Note the start
of one of the sentences right before those commands (that you quoted):

> If the user certificate and private key is received in PKCS#12/PFX 
> format,

In other words, that only applies if you *already* have a cert in the
PFX/PKCS#12 format.

> What data is recorded in it?

A PKCS#12 file contains your private key, your certificate (the
certificate contains your public key and your identifying information,
plus some optional extensions, all of which are signed by the issuing
CA), the cert of the CA that signed your cert, and any other certs in
the signing path, all the way up the chain to the root cert.

The "openssl pkcs12" commands on that page tell you how to split this
file out into two files -- the first command gives you your cert and
your private key (together), and the second gives you the certs of all
the CA certs (all the way up the signing chain).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHMk49S5vET1Wea5wRA2TUAJ0TNNXF5Sb8wIPXr9k3QIcC5zfPuACfbKzv
h3+2dB7wAgmlne3fNDeLeK4=
=xfe6
-----END PGP SIGNATURE-----




More information about the Hostap mailing list