<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7650.21">
<TITLE>Configuration of hostapd for: EAP-PEAP/TLS (outer PEAP and inner TLS configuration)</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2 FACE="Arial">I want to configure hostapd in such a way that it will do outer PEAP and inner TLS configuration. </FONT>
</P>
<P><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">There is actually an example for using TTLS/TLS (outer TTLS and inner TLS authentication), which is:</FONT>
<BR><FONT FACE="Times New Roman"> </FONT><FONT SIZE=2 FACE="Times New Roman"># WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner authentication.<BR>
network={<BR>
ssid="example"<BR>
key_mgmt=WPA-EAP<BR>
eap=TTLS<BR>
# Phase1 / outer authentication<BR>
anonymous_identity=</FONT><A HREF="mailto:anonymous@example.com"><U><FONT COLOR="#0000FF" SIZE=2 FACE="Times New Roman">anonymous@example.com</FONT></U></A><BR>
<FONT SIZE=2 FACE="Times New Roman">ca_cert="/etc/cert/ca.pem"<BR>
# Phase 2 / inner authentication<BR>
phase2="autheap=TLS"<BR>
ca_cert2="/etc/cert/ca2.pem"<BR>
client_cert2="/etc/cer/user.pem"<BR>
private_key2="/etc/cer/user.prv"<BR>
private_key2_passwd="password"<BR>
priority=2<BR>
}</FONT><FONT FACE="Times New Roman"> </FONT>
<BR><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">From this example, I would like to derive the PEAP/TLS configuration, and version one would be:</FONT><FONT FACE="Times New Roman"> </FONT>
<BR><FONT COLOR="#000000" SIZE=2 FACE="Times New Roman">network={<BR>
ssid="example"<BR>
key_mgmt=WPA-EAP<BR>
eap=PEAP<BR>
# Phase1 / outer authentication<BR>
#anonymous_identity=</FONT><A HREF="mailto:"><U><FONT COLOR="#0000FF" SIZE=2 FACE="Times New Roman">anonymous@example.com</FONT></U></A><FONT COLOR="#000000" SIZE=2 FACE="Times New Roman"> => anonymous identity is not required for PEAP therefore leave it out</FONT><BR>
<FONT COLOR="#000000" SIZE=2 FACE="Times New Roman">ca_cert="/etc/cert/ca.pem"<BR>
# Phase 2 / inner authentication<BR>
phase2="autheap=TLS"<BR>
ca_cert2="/etc/cert/ca2.pem"<BR>
client_cert2="/etc/cer/user.pem"<BR>
private_key2="/etc/cer/user.prv"<BR>
private_key2_passwd="password"<BR>
priority=2<BR>
}</FONT><FONT FACE="Times New Roman"> </FONT>
<BR><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">The second version is: (Note that the difference between both is in bold!)</FONT><FONT FACE="Times New Roman"> </FONT>
<BR><FONT COLOR="#000000" SIZE=2 FACE="Times New Roman">network={<BR>
ssid="example"<BR>
key_mgmt=WPA-EAP<BR>
eap=PEAP<BR>
# Phase1 / outer authentication<BR>
#anonymous_identity=</FONT><A HREF="mailto:"><U><FONT COLOR="#0000FF" SIZE=2 FACE="Times New Roman">anonymous@example.com</FONT></U></A><FONT COLOR="#000000" SIZE=2 FACE="Times New Roman"> => anonymous identity is not required for PEAP therefore leave it out</FONT><FONT FACE="Times New Roman"><BR>
<B></B></FONT><B><FONT COLOR="#000000" SIZE=2 FACE="Times New Roman">identity="user name"</FONT></B><FONT FACE="Times New Roman"><BR>
</FONT><B><FONT COLOR="#000000" SIZE=2 FACE="Times New Roman">password="user password"</FONT><BR>
</B><FONT COLOR="#000000" SIZE=2 FACE="Times New Roman">ca_cert="/etc/cert/ca.pem"<BR>
# Phase 2 / inner authentication<BR>
phase2="autheap=TLS"<BR>
ca_cert2="/etc/cert/ca2.pem"<BR>
client_cert2="/etc/cer/user.pem"<BR>
private_key2="/etc/cer/user.prv"<BR>
private_key2_passwd="password"<BR>
priority=2<BR>
}</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">I wonder which version would do the configuration correctly for PEAP/TLS.</FONT>
</P>
</BODY>
</HTML>