User Tools

Site Tools


networkconfigurationsettings

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
networkconfigurationsettings [2021/01/26 10:25]
Andrew Zaborowski [802.1x (WPA/WPA2 Enterprise) settings] TLS certificate / private key settings update
networkconfigurationsettings [2021/01/26 10:26] (current)
Andrew Zaborowski [802.1x (WPA/WPA2 Enterprise) settings]
Line 54: Line 54:
 | ''​EAP-TLS-ClientKeyBundle''​ | //file path// | Path to a container fail to load both the certificate(s) and the private key from.  Either this or ''​EAP-TLS-ClientCert''​ + ''​EAP-TLS-ClientKey''​ can be present but not both.  Supported formats include PKCS#12 and concatenated PEM payloads. | | ''​EAP-TLS-ClientKeyBundle''​ | //file path// | Path to a container fail to load both the certificate(s) and the private key from.  Either this or ''​EAP-TLS-ClientCert''​ + ''​EAP-TLS-ClientKey''​ can be present but not both.  Supported formats include PKCS#12 and concatenated PEM payloads. |
 | ''​EAP-TLS-ClientKeyPassphrase''​ | //text// | Decryption key for the client private key file.  Must be present iff the private key or the certificate under one of the three settings above is encrypted. | | ''​EAP-TLS-ClientKeyPassphrase''​ | //text// | Decryption key for the client private key file.  Must be present iff the private key or the certificate under one of the three settings above is encrypted. |
-| ''​EAP-TTLS-ClientCert'',​\\ ''​EAP-PEAP-ClientCert'',​\\ ''​EAP-TTLS-ClientCert'',​\\ ''​EAP-PEAP-ClientCert'',​\\ ''​EAP-TTLS-ClientKeyPassphrase'',​\\ ''​EAP-PEAP-ClientKeyPassphrase''​ | //ignored// | Removed in 1.12 |+| ''​EAP-TTLS-ClientCert'',​\\ ''​EAP-PEAP-ClientCert'',​\\ ''​EAP-TTLS-ClientKey'',​\\ ''​EAP-PEAP-ClientKey'',​\\ ''​EAP-TTLS-ClientKeyPassphrase'',​\\ ''​EAP-PEAP-ClientKeyPassphrase''​ | //ignored// | Removed in 1.12 |
 | ''​EAP-TLS-ServerDomainMask'',​\\ ''​EAP-TTLS-ServerDomainMask'',​\\ ''​EAP-PEAP-ServerDomainMask''​ | //text// | A mask for the domain names contained in the server'​s certificate. ​ At least one of the domain names present in the certificate'​s Subject Alternative Name extension'​s DNS Name fields or the Common Name has to match at least one mask, or authentication will fail.  Multiple masks can be given separated by semicolons. ​ The masks are split into segments at the dots.  Each segment has to match its corresponding label in the domain name.  An asterisk segment in the mask matches any label. ​ An asterisk segment at the beginning of the mask matches one or more consecutive labels from the beginning of the domain string. | | ''​EAP-TLS-ServerDomainMask'',​\\ ''​EAP-TTLS-ServerDomainMask'',​\\ ''​EAP-PEAP-ServerDomainMask''​ | //text// | A mask for the domain names contained in the server'​s certificate. ​ At least one of the domain names present in the certificate'​s Subject Alternative Name extension'​s DNS Name fields or the Common Name has to match at least one mask, or authentication will fail.  Multiple masks can be given separated by semicolons. ​ The masks are split into segments at the dots.  Each segment has to match its corresponding label in the domain name.  An asterisk segment in the mask matches any label. ​ An asterisk segment at the beginning of the mask matches one or more consecutive labels from the beginning of the domain string. |
 | ''​EAP-TTLS-Phase2-Method''​ | ''​Tunneled-CHAP'',​\\ ''​Tunneled-MSCHAP'',​\\ ''​Tunneled-MSCHAPv2'',​\\ ''​Tunneled-PAP''​ or\\ a valid EAP method name (see ''​EAP-Method''​) | Phase 2 authentication method for EAP-TTLS. ​ Can be either one of the TTLS-specific non-EAP methods (//​Tunneled-//​*),​ or any EAP method documented here.  The following two settings are used if any of the non-EAP methods is used.  No default value. | | ''​EAP-TTLS-Phase2-Method''​ | ''​Tunneled-CHAP'',​\\ ''​Tunneled-MSCHAP'',​\\ ''​Tunneled-MSCHAPv2'',​\\ ''​Tunneled-PAP''​ or\\ a valid EAP method name (see ''​EAP-Method''​) | Phase 2 authentication method for EAP-TTLS. ​ Can be either one of the TTLS-specific non-EAP methods (//​Tunneled-//​*),​ or any EAP method documented here.  The following two settings are used if any of the non-EAP methods is used.  No default value. |
networkconfigurationsettings.1611656716.txt.gz ยท Last modified: 2021/01/26 10:25 by Andrew Zaborowski