Ok, thank you. It's all clear now. :)<br><br><div class="gmail_quote">On Wed, Jun 18, 2008 at 10:31 AM, Jouni Malinen &lt;<a href="mailto:j@w1.fi">j@w1.fi</a>&gt; wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">On Wed, Jun 18, 2008 at 09:48:08AM +0200, Dana Blanaru wrote:<br>
<br>
> I am going to look into the errors generated by my server. But first I need<br>
> to be sure that certificates are ok on both sides.<br>
<br>
> But you confused me with something. You said that I don't need to set a<br>
> server certificate for the client. But EAP-TLS requires both client and<br>
> server certificates. On the freeradius for example I have specified the path<br>
> of the server certificate in eap.conf file - tls module. So I guess<br>
> eapol_test is looking after the server certificate in the case of EAP-TLS,<br>
> right?<br>
<br>
</div>EAP-TLS requires that both the client and the server have a private<br>
key and matching certificate. However, it does not require that the client<br>
know the server certificate or vice versa prior to the TLS<br>
handshake. Both the client and server are also configured with a trusted<br>
CA certificate (and immediate CAs between the root CA and their own<br>
certificate, if used). The rest of the certificates are exchanged during the<br>
TLS handshake.<br>
<br>
In other words, the client has to be configured with a client private<br>
key, a client certificate, and the trusted CA certificate. The server<br>
has to be configured with a server private key, a server certificate,<br>
and the trusted CA certificate.<br>
<font color="#888888"><br>
--<br>
</font><div><div></div><div class="Wj3C7c">Jouni Malinen PGP id EFC895FA<br>
_______________________________________________<br>
HostAP mailing list<br>
<a href="mailto:HostAP@lists.shmoo.com">HostAP@lists.shmoo.com</a><br>
<a href="http://lists.shmoo.com/mailman/listinfo/hostap" target="_blank">http://lists.shmoo.com/mailman/listinfo/hostap</a><br>
</div></div></blockquote></div><br>