wpa_supplicant using EAP-TTLS problem

王奕元 dadai.cm91 at gmail.com
Wed Nov 7 10:21:28 EST 2007

I still blocked by the above question,
and I found a page that seems useful for me.

At the bottom of this page,
it describes the certificates.
But I have one question,
where does the file "example.pfx" come from?
What data is recorded in it?

Some EAP authentication methods require use of certificates. EAP-TLS uses
both server side and client certificates whereas EAP-PEAP and EAP-TTLS only
require the server side certificate. When client certificate is used, a
matching private key file has to also be included in configuration. If the
private key uses a passphrase, this has to be configured in
wpa_supplicant.conf ("private_key_passwd").

wpa_supplicant supports X.509 certificates in PEM and DER formats. User
certificate and private key can be included in the same file.

If the user certificate and private key is received in PKCS#12/PFX format,
they need to be converted to suitable PEM/DER format for wpa_supplicant.
This can be done, e.g., with following commands:

# convert client certificate and private key to PEM format
openssl pkcs12 -in example.pfx -out user.pem -clcerts
# convert CA certificate (if included in PFX file) to PEM format
openssl pkcs12 -in example.pfx -out ca.pem -cacerts -nokeys
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20071107/68a032af/attachment.htm 

More information about the HostAP mailing list