Darren Albers wrote: > The EAP configs in Network-Manager map to the same in WPA_Supplicant > so man wpa_supplicant.conf would provide some information. > Additionally Network-Manager isn't doing anything unusual or special > so specific documentation regarding the various EAP wouldn't really be > exceptionally helpful except in cases where the field names chosen > don't correspond to what other supplicants have chosen but in my > experience they match in most cases. I was able to configure PEAP on > Network Manager as easily as I configured it on Odyssey and I suspect > that in enterprise deployments the admin's will document this all for > the users and not require them to guess at the fields. > > To answer your specific questions, I assume that you are using EAP-TLS. > When you generate a cert for a user you generate a public and private > key. The cert itself is the public key (the pem file). The Private > key password is only needed if you created the private key with a > password or passphrase (This is recommended by the way so the loss of > the private key doesn't compromise anything else). So you need to > private key, but not necessarily the passphrase. The private key is > used to encrypt the data and the public key is passed to the server so > that it can use it to decrypt the data. The reason you don't need the > private key on windows is because that key is stored withing the > windows certificate store. If you need more background on that > specific area there is a wealth of information available on PKI and I > can provide you with some great links. > >>From then on the transaction occurs just like any other PKI > transactions, the private key is used to encrypt the data and the > public key is exchanged between the two to decrypt the data. This > connection is used to exchange dynamic WEP or WPA keys and the > Wireless connection is brought up. > > Does that help answer your question? > Yes, thank you! That explains the problem I am having - I'll need to export a public key as well. I definitely think there should be a FAQ entry about this, or just a quick explanation when you hover over the fields that describes exactly what that field is for. I had the hardest time trying to Google anything useful! Thanks again! Nolan
Attachment:
signature.asc
Description: OpenPGP digital signature