WPA_Supplicant with EAP-TLS under Windows

Jouni Malinen jkmaline at cc.hut.fi
Sat Jul 29 21:15:35 EDT 2006


On Fri, Jul 28, 2006 at 01:20:42PM +0200, Benoît ALBERT wrote:

> I am trying to configure wpa_supplicant to connect to a network that uses 802.1x
> and dynamic WEP under Windows 2000.
> I can't find how to define the certificate I want to use (this one is stored
> in the Windows registry and not in one or several files).

Please see the example wpa_supplicant.conf file for details on how
ca_cert and private_key are configured for the case where the Windows
certificate store is used (I'm assuming you mean that, and not only
using the registry):

# ca_cert: File path to CA certificate file (PEM/DER). This file can have one
#       or more trusted CA certificates. If ca_cert and ca_path are not
#       included, server certificate will not be verified. This is insecure and
#       a trusted CA certificate should always be configured when using
#       EAP-TLS/TTLS/PEAP. Full path should be used since working directory may
#       change when wpa_supplicant is run in the background.
#       On Windows, trusted CA certificates can be loaded from the system
#       certificate store by setting this to cert_store://<name>, e.g.,
#       ca_cert="cert_store://CA" or ca_cert="cert_store://ROOT".

# private_key: File path to client private key file (PEM/DER/PFX)
#       When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be
#       commented out. Both the private key and certificate will be read from
#       the PKCS#12 file in this case. Full path should be used since working
#       directory may change when wpa_supplicant is run in the background.
#       Windows certificate store can be used by leaving client_cert out and
#       configuring private_key in one of the following formats:
#       cert://substring_to_match
#       hash://certificate_thumbprint_in_hex
#       for example: private_key="hash://63093aa9c47f56ae88334c7b65a4"
#       Alternatively, a named configuration blob can be used by setting this
#       to blob://<blob name>.

-- 
Jouni Malinen                                            PGP id EFC895FA
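
Added example, not part of the original message and not code from the wpa_supplicant project: a small check that applies the rules in the quoted comments (a missing ca_cert/ca_path means the server certificate is not verified, client_cert is left out when private_key uses cert:// or hash://, file paths should be full paths) to network blocks. The names SAMPLE, parse_networks and audit are hypothetical, and the two network blocks are constructed for illustration.

```python
import re
# Constructed sample: two EAP-TLS network blocks (not taken from a real system).
SAMPLE = '''
network={
    ssid="constructed-weak"
    eap=TLS
    client_cert="user.pem"
    private_key="hash://63093aa9c47f56ae88334c7b65a4"
}
network={
    ssid="constructed-ok"
    eap=TLS
    ca_cert="cert_store://ROOT"
    private_key="cert://user@example.com"
}
'''
FULL_PATH = re.compile(r'^(/|\\\\|[A-Za-z]:[\\/])')  # Unix, UNC or drive path

def parse_networks(text):
    """Return one {key: value} dict per network={...} block."""
    networks, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("network={"):
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return networks

def audit(net):
    """Check one EAP network block against the rules in the quoted comments."""
    findings = []
    if "ca_cert" not in net and "ca_path" not in net:
        findings.append("server certificate not verified: no ca_cert or ca_path")
    key = net.get("private_key", "")
    if key.startswith(("cert://", "hash://")):  # Windows certificate store
        if "client_cert" in net:
            findings.append("client_cert set although private_key uses the certificate store")
        if key.startswith("hash://") and not re.fullmatch(r"[0-9A-Fa-f]+", key[7:]):
            findings.append("hash:// thumbprint is not hex")
    elif key and not key.startswith("blob://") and not FULL_PATH.match(key):
        findings.append("private_key is not a full path")
    return findings

if __name__ == "__main__":
    print({n["ssid"]: audit(n) for n in parse_networks(SAMPLE)})
```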


