UNAUTH-TLS Configuration Example

Jouni Malinen j at w1.fi
Mon Jul 17 01:46:05 PDT 2017


On Tue, Jul 11, 2017 at 11:53:45AM +0000, Joshua Riesenweber wrote:
> I'm looking to set up a public wireless network, where clients can create an encrypted connection to the authenticator but do not require a client cert.
> I've seen a few references to UNAUTH-TLS and WFA-UNAUTH-TLS that appear to do exactly this, but I haven't been able to find any config examples and haven't had any luck trying to configure it.

That configuration would be otherwise identical to EAP-TLS cases, but
there is no client_cert or private_key configuration on the client. For
example:

network={
    ssid="test"
    eap=UNAUTH-TLS
    ca_cert="ca.pem"
    identity="unauthenticated"
}

on the client.

And on the hostapd-as-EAP-server:

"unauthenticated"	UNAUTH-TLS

in the eap_user.conf file while the main config includes normal
parameters for EAP-TLS (ca_cert, server_cert, private_key).

-- 
Jouni Malinen                                            PGP id EFC895FA
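
Added example (not part of the original message and not hostapd/wpa_supplicant project code): a small check over wpa_supplicant network blocks like the one above. It flags UNAUTH-TLS entries that lack ca_cert/ca_path, in which case wpa_supplicant does not verify the server certificate, and entries that still carry client credentials. The sample configuration, the "open-cafe" SSID and the function names are constructed for illustration.

```python
import re

# Constructed sample wpa_supplicant.conf content (not from the original message).
SAMPLE_CONF = '''
network={
    ssid="test"
    eap=UNAUTH-TLS
    ca_cert="ca.pem"
    identity="unauthenticated"
}
network={
    ssid="open-cafe"
    eap=UNAUTH-TLS
    identity="unauthenticated"
    client_cert="user.pem"
}
'''

def parse_networks(text):
    """Return one dict of key -> value per network={...} block."""
    networks = []
    for body in re.findall(r'^\s*network\s*=\s*\{(.*?)^\s*\}', text, re.S | re.M):
        fields = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith('#') or '=' not in line:
                continue
            key, value = line.split('=', 1)
            fields[key.strip()] = value.strip().strip('"')
        networks.append(fields)
    return networks

def check_unauth_tls(text):
    """Return (ssid, finding) pairs; only UNAUTH-TLS blocks are examined."""
    findings = []
    for net in parse_networks(text):
        methods = net.get('eap', '').split()
        if 'UNAUTH-TLS' not in methods and 'WFA-UNAUTH-TLS' not in methods:
            continue
        ssid = net.get('ssid', '?')
        if 'ca_cert' not in net and 'ca_path' not in net:
            findings.append((ssid, 'no ca_cert/ca_path: server certificate is not verified'))
        for key in ('client_cert', 'private_key'):
            if key in net:
                findings.append((ssid, key + ' set, but UNAUTH-TLS uses no client credentials'))
    return findings

if __name__ == '__main__':
    for ssid, finding in check_unauth_tls(SAMPLE_CONF):
        print(ssid + ': ' + finding)
```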


