wpa_supplicant using EAP-TTLS problem
bryan at kadzban.is-a-geek.net
Wed Nov 7 18:46:06 EST 2007
-----BEGIN PGP SIGNED MESSAGE-----
> At the bottom of this page, it describes the certificates. But I have
> one question, where does the file "example.pfx" come from?
Either you create it, or you receive it from whoever you get the cert
signed by (e.g. your company's IT group if it's a company certificate
structure, or a public CA if you want to pay per cert). Note the start
of one of the sentences right before those commands (that you quoted):
> If the user certificate and private key is received in PKCS#12/PFX
In other words, that only applies if you *already* have a cert in the
> What data is recorded in it?
A PKCS#12 file contains your private key, your certificate (the
certificate contains your public key and your identifying information,
plus some optional extensions, all of which are signed by the issuing
CA), the cert of the CA that signed your cert, and any other certs in
the signing path, all the way up the chain to the root cert.
The "openssl pkcs12" commands on that page tell you how to split this
file out into two files -- the first command gives you your cert and
your private key (together), and the second gives you the certs of all
the CA certs (all the way up the signing chain).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the HostAP