EAP-TLS with certificate-chain

Jouni Malinen j at w1.fi
Mon Feb 18 19:00:06 EST 2008


On Mon, Feb 18, 2008 at 09:52:57PM +0100, Faigl Zoltán wrote:

> As a consequence, during authentication, the server sends out all the 
> 4-tier certificate chain in the server Certificate handshake.
> You can see this in my capture file (with wireshark) available on 
> http://www.mcl.hu/~szlaj/trace1.cap (192.168.83.3 is freeRadius, 
> 192.168.81.3 is the Radius client).

The Certificate message from the server looks correct based on a quick
look.

> I am currently testing the first test case, so I tried to give the 
> following configuration for the wpa supplicant:

>         ca_cert="rootCA.pem"
>         client_cert="client-1.pem"
>         private_key="client.key"
>         private_key_passwd="ikev2meas"

> Here, client-1.crt is signed by rootCA
> rootCA is the common CA of the client and server.

This sounds reasonable, too.

> When the client receives the first group of TLS handshake messages from 
> the server, it says "unknown CA" for the server certificates and the 
> authentication is unsuccessful.

For some reason, the client TLS (OpenSSL?) implementation did not like
the certificate chain from the server. If rootCA.pem includes the
self-signed root certificate used in the chain, this should have
worked.

Are these client/server/CA certificates and client/server private keys
for test use only? If yes, could you please send me them so that I can
run a test with the same setup myself?

> 1. How to reach that the client side accept the certificate-chain of the 
> server, if the common trusted CA is the rootCA?

This should have worked with your current configuration, if I understood
this correctly.

> 2. Could you give the details of the configuration, of wpa_supplicant:  
> what certificate formats can I use? PEM, DER or PKCS12? I would prefer 
> PEM, but I can also convert to other formats.

You can use PEM, DER, and PKCS12 with wpa_supplicant (assuming you are
using OpenSSL for TLS). If you have multiple CA certificates, the
easiest mechanism is likely to concatenate them in PEM format into a
single file and use that as the ca_cert.

> 3. I would like to make functioning test cases 2 and 3. But, how to 
> configure wpa_supplicant with n-tier client certificate chain? In these 
> cases, what do you think about the freeRadius side EAP-TLS configuration?

Same mechanism should work for both FreeRADIUS and wpa_supplicant. As
long as each end has full chain from its own certificate to the trusted
root (that is shared by both ends), the authentication should work.

-- 
Jouni Malinen                                            PGP id EFC895FA
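The advice in the reply above, that each end needs the full chain from its own certificate to the shared root and that multiple CA certificates can simply be concatenated in PEM form into the one `ca_cert` file, can be checked offline with the openssl CLI before touching wpa_supplicant or FreeRADIUS. The script below is an added example, not part of the original thread or of hostap: it builds a throw-away root -> intermediate -> client chain, reproduces the "unknown CA" failure (leaf checked against the root with the intermediate missing), then shows both remedies: the peer supplying the intermediate in its chain, and a concatenated CA bundle. All names, subjects, paths and the SSID are constructed for the demo; the assumption that wpa_supplicant (with OpenSSL) sends extra certificates found in the `client_cert` PEM file as its chain is labelled in the code.

```shell
#!/bin/sh
# Added example (not from the original thread or from hostap): build a
# throw-away root -> intermediate -> client chain with the openssl CLI,
# show why a verifier that trusts only the root rejects a leaf presented
# without its intermediate ("unknown CA"), then show the two fixes:
# the peer sends the intermediate, or the CA certificates are
# concatenated into one PEM bundle used as ca_cert.
# All subjects, file names and the SSID below are constructed for the demo.

set -u

# Create the test PKI in $1 (a scratch directory).
make_test_pki() {
    dir=$1
    mkdir -p "$dir"
    # Extensions marking a certificate as a CA; an intermediate issued
    # without these is rejected by the verifier as an invalid CA cert.
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > "$dir/ca.ext"

    # Self-signed root CA.
    openssl genrsa -out "$dir/root.key" 2048 >/dev/null 2>&1
    openssl req -new -key "$dir/root.key" -subj "/CN=Demo Root CA" \
        -out "$dir/root.csr" 2>/dev/null
    openssl x509 -req -in "$dir/root.csr" -signkey "$dir/root.key" -days 1 \
        -extfile "$dir/ca.ext" -out "$dir/root.pem" 2>/dev/null

    # Intermediate CA, signed by the root.
    openssl genrsa -out "$dir/int.key" 2048 >/dev/null 2>&1
    openssl req -new -key "$dir/int.key" -subj "/CN=Demo Intermediate CA" \
        -out "$dir/int.csr" 2>/dev/null
    openssl x509 -req -in "$dir/int.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
        -CAcreateserial -days 1 -extfile "$dir/ca.ext" -out "$dir/int.pem" 2>/dev/null

    # End-entity (client) certificate, signed by the intermediate.
    openssl genrsa -out "$dir/client.key" 2048 >/dev/null 2>&1
    openssl req -new -key "$dir/client.key" -subj "/CN=demo-client" \
        -out "$dir/client.csr" 2>/dev/null
    openssl x509 -req -in "$dir/client.csr" -CA "$dir/int.pem" -CAkey "$dir/int.key" \
        -CAcreateserial -days 1 -out "$dir/client.pem" 2>/dev/null

    # Two ways of supplying the missing link:
    #  - ca-bundle.pem: root + intermediate concatenated, for ca_cert
    #  - client-chain.pem: leaf + intermediate, the chain the peer should send
    cat "$dir/root.pem" "$dir/int.pem" > "$dir/ca-bundle.pem"
    cat "$dir/client.pem" "$dir/int.pem" > "$dir/client-chain.pem"
}

# Leaf checked against the root only, intermediate absent: the
# "unknown CA" situation. Returns non-zero.
verify_root_only() {
    openssl verify -CAfile "$1/root.pem" "$1/client.pem" >/dev/null 2>&1
}

# Leaf checked against the root with the intermediate supplied as an
# untrusted chain certificate, as a TLS peer sends it. Returns zero.
verify_with_chain() {
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" \
        "$1/client.pem" >/dev/null 2>&1
}

# Leaf checked against the concatenated CA bundle (the ca_cert approach
# from the reply). Returns zero.
verify_with_bundle() {
    openssl verify -CAfile "$1/ca-bundle.pem" "$1/client.pem" >/dev/null 2>&1
}

# Print a wpa_supplicant network block using the bundle and the full
# client chain. Assumption (not confirmed by the thread): wpa_supplicant
# built against OpenSSL sends the extra certificates found after the
# first one in the client_cert PEM file as its certificate chain.
print_network_block() {
    cat <<EOF
network={
    ssid="demo-eap-tls"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="demo-client"
    ca_cert="$1/ca-bundle.pem"
    client_cert="$1/client-chain.pem"
    private_key="$1/client.key"
}
EOF
}

WORKDIR=$(mktemp -d)
make_test_pki "$WORKDIR"
verify_root_only "$WORKDIR" && echo "root only: OK" \
    || echo "root only: FAILED (expected: intermediate missing)"
verify_with_chain "$WORKDIR" && echo "root + intermediate from peer: OK"
verify_with_bundle "$WORKDIR" && echo "concatenated CA bundle: OK"
print_network_block "$WORKDIR"
```

The same three `openssl verify` calls can be pointed at real files (the root as `-CAfile`, the intermediates as `-untrusted`, the peer's end-entity certificate extracted from a capture as the target) to tell apart "the chain is fine but the supplicant's ca_cert lacks the root" from "the server never sent the intermediate"; the error code 20 ("unable to get local issuer certificate") is the CLI counterpart of the "unknown CA" alert seen on the wire.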