Regarding PEAP wpa_supplicant interoperability

J I jmi_1996 at yahoo.com
Mon Apr 4 03:46:31 EDT 2005


Hi all,
           Thanks for the response ....
 
        I tested without configuring the ca_cert in wpa_supplicant.cnf file , any how it successfully completed phase 1 and entered phase 2 authentication ( PEAP ), but after the APPLICATION DATA handshake it failed to proceed further. Is it the problem with IAS server configuration ? Can any one help me in this regard .
         How to generate a Microsoft CA certificate with IAS server ?
         In my case if i configure the server certificate in wpa_supplicant it is not identifying the issuer of the certificate, is this happening since IAS server i am using is in differant domain ? 

Thanks and regards,
- JMI

Jouni Malinen <jkmaline at cc.hut.fi> wrote:
On Sat, Apr 02, 2005 at 06:59:35AM -0800, J I wrote:

> Is the PEAP authentication protocol in wpa_supplicant is interoperable with IAS server, i am trying to authenticate wpa_supplicant ( PEAP configured as authentication protocol ) with IAS server .

Yes, this works fine in my tests.

> But wpa_supplicant is failing to verify the server certificate. The error message is :
> "validate server certificate failed - unable to find the issuer of the server certificate".Will the wpa_supplicant accepts the certificate generated by IAS server Certificate Authority tool. If it can then can anybody help me in generating the valid certificate.

I have used certificates generated by Microsoft CA with IAS and that has
worked fine. Are you sure you configured the correct CA certificate to
wpa_supplicant? Have you tested whether this works without ca_cert
configured in wpa_supplicant.conf?

> Will the IAS sever recognize the openssl generated certificates ?

Well, yes, but getting this configured is going to be quite complex. One
would need to add all the required certificate extensions and then load
the certificate. I have seen it done once, but I would not be doing it
without plenty of time available to waste on this.. ;-)

-- 
Jouni Malinen PGP id EFC895FA
_______________________________________________
HostAP mailing list
HostAP at shmoo.com
http://lists.shmoo.com/mailman/listinfo/hostap

		
---------------------------------
Yahoo! Messenger
 Show us what our next emoticon should look like. Join the fun.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20050404/2ae70095/attachment.htm 


More information about the HostAP mailing list