Connecting using wpa_supplicant to a WPA EAP-TLS network

Soh Kam Yung sohkamyung
Fri Oct 17 03:03:27 PDT 2008

On Mon, Oct 13, 2008 at 11:35 PM, Jouni Malinen <j at> wrote:
> On Mon, Oct 13, 2008 at 03:41:04PM +0800, Soh Kam Yung wrote:
> [...]
>> My MIS says that no identity is required.  Does this mean I can leave
>> it out or should I configure it as identity=""?
> Some supplicants generate the identity string from the certificate, but
> if the network is indeed configured to not require any specific
> identity, yes, you could set it to "". Though, I would set it to
> something like "anonymous" etc. to make it distinct from some
> auto-probing software that uses an empty identity string to figure out
> what authentication mechanism should be used.
> [...]


I have checked with my MIS and there was a mis-communication: their
supplicant expects the identity string to be generated from the client

Can this (generating the identity from the client certificate) be done
by wpa_supplicant, or do I still need to provide an explicit identity
field in the wpa_supplicant configuration?

Also, how do I check that my pkcs#12 file contains my identity?  I
have tried to export all info from it into a .pem file to check but I
cannot locate any identity field.

Does this mean that my identity is missing from the pkcs#12 file?

Soh Kam Yung
my Google Reader Shared links:
my Google Reader Shared SFAS links:

More information about the Hostap mailing list