wpa_supplicant interoperability with IAS

Jouni Malinen jkmaline at cc.hut.fi
Sat May 20 01:33:58 EDT 2006


On Wed, May 17, 2006 at 01:48:28PM -0700, JP Dong wrote:

> Hi all,
>
> We are trying to test the interoperability of wpa_supplicant with IAS radius server using EAP-TLS. We used IAS to create the certificates for CA and a user, but we are not able to obtain the key file for the user since it is required by wpa_supplicant configuration file (or not?); however, the key and certificate for CA can be obtained. In the wpa_supplicant, the following fields are needed:
>
> ca_cer_file
> private_cer_file
> private_key_file
>
> We just wondered whether all these three files are required; if so, how they can be obtained using IAS (or if conversion is needed, how the conversion can be done?) Any hints or suggestions would be highly appreciated.
>
> Thanks and best,
> JP

IAS does not create certificates as far as I know. I would assume you
are using IAS as the RADIUS authentication server and Microsoft CA
service as the tool for enrolling certificates.

What made you think the user key cannot be obtained? I have enrolled
client certificates (including private key generation) successfully with
Firefox from Microsoft CA. These work fine with wpa_supplicant. Another
option is to enroll certificates (e.g., with WinXP) and export them as
a PKCS#12 (PFX) file.

EAP-TLS requires user private key and certificate and a trusted CA
certificate. These do not need to be separate files, but these
keys/certificates are needed.

-- 
Jouni Malinen                                            PGP id EFC895FA
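
Added example (not part of the original message and not taken from the wpa_supplicant distribution): two alternative wpa_supplicant.conf network blocks for EAP-TLS, one with the CA certificate, user certificate and user key in separate files, and one reading the user key and certificate from a single PKCS#12 (PFX) export. The SSID, identity, file paths and passphrase are constructed placeholders.

```conf
# Use ONE of the two blocks below. All values are constructed placeholders.
# The file holds the key passphrase, so keep it readable by root only.

# Alternative 1: CA certificate, user certificate and user private key
# in three separate files.
network={
    ssid="example-ssid"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="user@example.com"
    # Trusted CA certificate, used to validate the RADIUS server certificate.
    ca_cert="/etc/cert/ca.pem"
    # User certificate and the matching private key.
    client_cert="/etc/cert/user.pem"
    private_key="/etc/cert/user.key"
    private_key_passwd="placeholder-passphrase"
}

# Alternative 2: user certificate and private key in one PKCS#12 (PFX)
# file. client_cert is left out; both are read from the file named in
# private_key.
network={
    ssid="example-ssid"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="user@example.com"
    ca_cert="/etc/cert/ca.pem"
    private_key="/etc/cert/user.pfx"
    private_key_passwd="placeholder-passphrase"
}
```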


