EAP-TLS with certificate-chain

Jouni Malinen j
Mon Feb 18 16:00:06 PST 2008

On Mon, Feb 18, 2008 at 09:52:57PM +0100, Faigl Zoltán wrote:

> As a consequence, during authentication, the server sends out all the 
> 4-tier certificate chain in the server Certificate handshake.
> You can see this in my capture file (with wireshark) available on 
> http://www.mcl.hu/~szlaj/trace1.cap ( is freeRadius, 
> is the Radius client).

The Certificate message from the server looks correct based on a quick

> I am currently testing the first test case, so I tried to give the 
> following configuration for the wpa supplicant:

>         ca_cert="rootCA.pem"
>         client_cert="client-1.pem"
>         private_key="client.key"
>         private_key_passwd="ikev2meas"

> Here, client-1.crt is signed by rootCA
> rootCA is the common CA of the client and server.

This sounds reasonable, too.

> When the client receives the first group of TLS handshake messages from 
> the server, it says "unknown CA" for the server certificates and the 
> authentication is unsuccessful.

For some reason, the client TLS (OpenSSL?) implementation did not like
the certificate chain from the server. If rootCA.pem includes the
self-signed root certificate used in the chain, this should have

Are these client/server/CA certificates and client/server private keys
for test use only? If yes, could you please send me them so that I can
run a test with the same setup myself?

> 1. How to reach that the client side accept the certificate-chain of the 
> server, if the common trusted CA is the rootCA?

This should have worked with your current configuration, if I understood
this correctly.

> 2. Could you give the details of the configuration, of wpa_supplicant:  
> what certificate formats can I use? PEM, DER or PKCS12? I would prefer 
> PEM, but I can also convert to other formats.

You can use PEM, DER, and PKCS12 with wpa_supplicant (assuming you are
using OpenSSL for TLS). If you have multiple CA certificates, the
easiest mechanism is likely to concatenate them in PEM format into a
single file and use that as the ca_cert.

> 3. I would like to make functioning test cases 2 and 3. But, how to 
> configure wpa_supplicant with n-tier client certificate chain? In these 
> cases, what do you think about the freeRadius side EAP-TLS configuration?

Same mechanism should work for both FreeRADIUS and wpa_supplicant. As
long as each end has full chain from its own certificate to the trusted
root (that is shared by both ends), the authentication should work.

Jouni Malinen                                            PGP id EFC895FA
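The chain rule described above (each end needs the full path from its own certificate to the shared root, and ca_cert can be a PEM concatenation), as an added example that is not part of the thread: a shell script that builds a four-tier test PKI with openssl and checks which client_cert/ca_cert combinations verify. All CA names and file names are made up.

```shell
#!/bin/sh
# Added example (not from the thread): build a four-tier test PKI with
# openssl, assemble the files a wpa_supplicant EAP-TLS client needs, and
# check which combinations verify. All names below are made up.
set -e
WORK=$(mktemp -d)
cd "$WORK"

# Extension profiles: CA certificates must carry basicConstraints CA:TRUE,
# otherwise OpenSSL rejects them as chain members.
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=keyCertSign,cRLSign\n' > ca.ext
printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=clientAuth\n' > leaf.ext

# issue NAME ISSUER SERIAL EXTFILE: key + CSR for NAME, signed by ISSUER
issue() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
        -subj "/CN=$1" -out "$1.csr" 2>/dev/null
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
        -set_serial "$3" -days 30 -extfile "$4" -out "$1.pem" 2>/dev/null
}

# Self-signed root shared by client and server (rootCA), then two
# intermediates and the client leaf: rootCA -> ca1 -> ca2 -> client-1
openssl req -new -newkey rsa:2048 -nodes -keyout rootCA.key \
    -subj /CN=rootCA -out rootCA.csr 2>/dev/null
openssl x509 -req -in rootCA.csr -signkey rootCA.key -set_serial 1 \
    -days 30 -extfile ca.ext -out rootCA.pem 2>/dev/null
issue ca1 rootCA 2 ca.ext
issue ca2 ca1 3 ca.ext
issue client-1 ca2 4 leaf.ext

# client_cert: leaf first, then its intermediates, as one PEM file.
cat client-1.pem ca2.pem ca1.pem > client-chain.pem
# ca_cert: the shared trust anchor alone is enough when the peer sends its chain.
cp rootCA.pem ca_cert.pem

# verify_chain BUNDLE CAFILE: does the leaf in BUNDLE chain to CAFILE?
# Same rule OpenSSL applies inside wpa_supplicant: the chain must end at a
# self-signed certificate present in ca_cert.
verify_chain() {
    if openssl verify -CAfile "$2" -untrusted "$1" "$1" >/dev/null 2>&1; then
        return 0
    fi
    return 1
}

verify_chain client-chain.pem ca_cert.pem && echo "full chain + root: OK"
verify_chain client-1.pem ca_cert.pem || echo "leaf without intermediates: FAIL (missing issuer)"
verify_chain client-chain.pem ca1.pem || echo "anchor is an intermediate, not the root: FAIL (unknown CA)"
```

The two failing cases reproduce the "unable to get issuer certificate" and "unknown CA" style errors a misconfigured ca_cert or a truncated client_cert file produces during the EAP-TLS handshake.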
