eapol_test tool against other servers than freeradius
Dana Blanaru
dana.blanaru
Wed Jun 18 01:53:24 PDT 2008
Ok, thank you. It's all clear now. :)
On Wed, Jun 18, 2008 at 10:31 AM, Jouni Malinen <j at w1.fi> wrote:
> On Wed, Jun 18, 2008 at 09:48:08AM +0200, Dana Blanaru wrote:
>
> > I am going to look into the errors generated by my server. But first I need
> > to be sure that certificates are ok on both sides.
>
> > But you confused me with something. You said that I don't need to set a
> > server certificate for the client. But EAP-TLS requires both client and
> > server certificates. On the freeradius for example I have specified the path
> > of the server certificate in eap.conf file - tls module. So I guess
> > eapol_test is looking after the server certificate in the case of EAP-TLS,
> > right?
>
> EAP-TLS requires that both the client and the server have a private
> key and matching certificate. However, it does not require that client
> would know the server certificate or vice versa prior to the TLS
> handshake. Both the client and server are also configured with a trusted
> CA certificate (and immediate CAs between the root CA and their own
> certificate, if used). Rest of the certificates are exchanged during the
> TLS handshake.
>
> In other words, the client has to be configured with a client private
> key, a client certificate, and the trusted CA certificate. The server
> has to be configured with a server private key, a server certificate,
> and the trusted CA certificate.
>
> --
> Jouni Malinen PGP id EFC895FA
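
One way to confirm that the certificates are ok on both sides before starting an EAP-TLS test, as an added example that is not part of the original thread. It assumes the openssl command-line tool is installed; all file names and subjects are constructed for the demo. Each side is checked with only its own key, its own certificate and the trusted CA, never the peer's certificate, which matches the explanation quoted above.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for one EAP-TLS endpoint (client or server).
# All file names and subjects are constructed for the demo; assumes openssl CLI.

# 0 if CERT chains to the trusted CA file (match the ": OK" line, not just exit status)
chains_to_ca() {   # chains_to_ca CA CERT
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# 0 if the private key and the certificate carry the same public key
key_matches_cert() {   # key_matches_cert KEY CERT
    local k c
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# The three files each side is configured with: trusted CA, own cert, own key
check_endpoint() {   # check_endpoint CA CERT KEY
    chains_to_ca "$1" "$2" || { echo "FAIL: $2 not issued under $1"; return 1; }
    key_matches_cert "$3" "$2" || { echo "FAIL: $3 does not match $2"; return 1; }
    echo "OK: $2"
}

# Build a throwaway CA, one unrelated CA, and client/server leaf certs in DIR
make_demo_pki() {
    local d="$1" n
    for n in ca other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-$n" \
            -keyout "$d/$n.key" -out "$d/$n.pem" 2>/dev/null || return 1
    done
    for n in client server; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null &&
        openssl x509 -req -in "$d/$n.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
            -CAcreateserial -days 1 -out "$d/$n.pem" 2>/dev/null || return 1
    done
}

DEMO=$(mktemp -d) && make_demo_pki "$DEMO"
check_endpoint "$DEMO/ca.pem" "$DEMO/client.pem" "$DEMO/client.key"             # client side
check_endpoint "$DEMO/ca.pem" "$DEMO/server.pem" "$DEMO/server.key"             # server side
check_endpoint "$DEMO/other.pem" "$DEMO/client.pem" "$DEMO/client.key" || true  # wrong CA
check_endpoint "$DEMO/ca.pem" "$DEMO/server.pem" "$DEMO/client.key" || true     # wrong key
```

The last two calls are expected to print FAIL lines: a certificate issued under a CA the endpoint does not trust, and a private key paired with someone else's certificate.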