<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
--></style>
</head>
<body class='hmmessage'>
On Tue, 27 Oct 2009 Chuck wrote:<br><br>> On Mon 10/26/2009 6:45 PM, John Lumby wrote:<br>> > I have been trying to establish a wireless connection between two<br>> > laptops each running linux kernel 2.6.28 :<br>> ...<br>> > Could anyone please show me a working example of a pair of hostapd /<br>> > wpa_supplicant setup including wpa_supplicant.conf that authenticates to<br>> > the hostapd using WPA-EAP with EAP-TLS (or if impossible as per previous<br>> > paragraph - EAP-other ), and if possible answer my questions 1-3? I<br>> > would be very grateful ...<br>> <br>> I don't have a hostapd.conf for you to see (we use an off-the-shelf AP),<br>> but the following is what I use for EAP-TLS testing on the STA side<br>> <br>> ...<br><br>I omitted to say I am using hostapd's built-in mini-eap-server<br><br>> <br>> The part that tripped me up the most was creating the certificates. There<br>> seem to be a large number of different ways to do this, but the one that<br>> worked for me was a script called certhelper.py from the Fedora project.<br>><br><br>I downloaded certhelper.py from<br> http://cvs.fedora.redhat.com/viewcvs/extras-buildsys/utils/certhelper.py?root=fedora&rev=1.5&view=markup<br>based on this append :<br> http://lists.shmoo.com/pipermail/hostap/2007-November/016508.html<br><br>> <br>> The directions I wrote up for QA look something like:<br>> <br>> # ./certhelper.py ca --outdir=/etc/freeradius/certs --name=wifi<br>> # ./certhelper.py normal --outdir=/etc/freeradius/certs --name=server --cadir=/etc/freeradius/certs --caname=wifi<br>> # mv /etc/freeradius/certs/server_key{_and_,}cert.pem<br>> # ./certhelper.py normal --outdir=/etc/freeradius/certs --name=client --cadir=/etc/freeradius/certs --caname=wifi<br>> # mv /etc/freeradius/certs/client_key{_and_,}cert.pem<br>> <br>> HTH<br>> <br>> ---chuck<br>> <br>Chuck -- Thanks a million - yes, that worked! I knew it had to be something like that.<br><br>Jouni - I think it could help others greatly if you could add a mention of certhelper.py to the README<br><br>John<br><br>                                            <br /><hr />Ready for a deal-of-a-lifetime? <a href='http://go.microsoft.com/?linkid=9691629' target='_new'>Find fantastic offers on Windows 7, in one convenient place.</a></body>
</html>