WPA enterprise and default parameters on Linux
Alessandro Sivieri
alessandro.sivieri
Wed Nov 18 10:35:32 PST 2009
2009/11/18 Dan Williams <dcbw at redhat.com>
> Can you post your wpa_supplicant configuration? Are you using TLS or
> TTLS?
>
> If you configure wpa_supplicant correctly, the provider's certificate is
> also checked. That's the "ca_cert" option. If the certificate that the
> provider sends is not signed by your trusted Certificate Authority then
> the connection is denied by wpa_supplicant. If you do not specify the
> ca_cert option in the configuration, then your connection is insecure
> and could be hijacked.
>
> There's also the "subject_match" and "altsubject_match" configuration
> options, which can further increase security by ensuring that the
> provider's certificate matches a few basic criteria that you specify.
>
>
Yes, here it is:
--->0-----------------------------------
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
ap_scan=1
network={
ssid="internet"
proto=WPA
key_mgmt=WPA-EAP
auth_alg=OPEN
pairwise=TKIP
eap=TLS
anonymous_identity="SOMEUNIQUEID"
ca_cert="/etc/certificati/somefile.cer"
private_key="/etc/certificati/somefile.p12"
private_key_passwd="CERTPASSWD"
phase2="auth=MSCHAPV2"
}
--
Sivieri Alessandro
alessandro.sivieri at gmail.com
http://www.chimera-bellerofonte.eu/
http://www.poul.org/
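
An added example, not part of either poster's message and not wpa_supplicant code: a small audit of a wpa_supplicant configuration for the server-validation options named in this thread (ca_cert, subject_match, altsubject_match). The second network block, the function names and the finding texts are constructed for illustration; the first block is abridged from the configuration posted above.

```python
import re

# Constructed sample: the first block is abridged from the post, the
# second is a hypothetical network with no server validation at all.
SAMPLE_CONF = '''
network={
    ssid="internet"
    key_mgmt=WPA-EAP
    eap=TLS
    ca_cert="/etc/certificati/somefile.cer"
}
network={
    ssid="example-open-eap"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="user"
    phase2="auth=MSCHAPV2"
}
'''

def parse_networks(text):
    """Return one dict of key -> value per network={...} block."""
    networks = []
    for body in re.findall(r'^\s*network\s*=\s*\{(.*?)^\s*\}', text, re.S | re.M):
        net = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith('#') and '=' in line:
                key, value = line.split('=', 1)
                net[key.strip()] = value.strip().strip('"')
        networks.append(net)
    return networks

def audit(text):
    """Return (ssid, finding) tuples for EAP networks lacking server checks."""
    findings = []
    for net in parse_networks(text):
        # PSK and open networks present no server certificate to check.
        if 'eap' not in net and not re.search(r'EAP|IEEE8021X', net.get('key_mgmt', '')):
            continue
        ssid = net.get('ssid', '<no ssid>')
        if not net.get('ca_cert'):
            findings.append((ssid, 'ca_cert missing: server certificate is not verified'))
        if not (net.get('subject_match') or net.get('altsubject_match')):
            findings.append((ssid, 'no subject_match/altsubject_match: any certificate from the CA is accepted'))
    return findings

if __name__ == '__main__':
    for ssid, finding in audit(SAMPLE_CONF):
        print(f'{ssid}: {finding}')
```
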