802.1x auth with wpa_supp?
Jouni Malinen
jkmaline at cc.hut.fi
Sun Oct 3 22:36:10 EDT 2004
On Sat, Sep 25, 2004 at 09:29:05PM +1200, Morgan Read wrote:
> I've had some feed back from my uni on this. Apparently the server cert
> was changed a few weeks back and it can no longer be verified (nice
> work). Now people are turning the verification option off in windows &
> linux/xsupplicant - How do I turn verification off in wpa_supplicant?
EAP-PEAP requires server certificate verification to avoid
man-in-the-middle attacks. If you don't care about security, you can
remove the ca_cert configuration from wpa_supplicant.conf to make
wpa_supplicant not verify the certificate.
> Another suggestion was that I need to regenerate my key? The one I'm
> using was generated for xsupplicant - can anybody give me a basic "one
> two" on using ssh-keygen or openssl to correctly generate a private key
> for wpa_supplicant? I've had this in the back of my mind for a while
> but not found any info on it.
Which key?? I thought you were using EAP-PEAP which does not usally use
client key.. Is this not the case?
> Copy of recent debug output attached FYI (interesting bit's 35-45 lines
> from end).
Looks like you are trying to load an invalid private key. I don't know
why you would be using it in the first place with EAP-PEAP, though..
--
Jouni Malinen PGP id EFC895FA
More information about the HostAP
mailing list