4

How do I make wpa_supplicant accept any server certificate for PEAP MSCHAPv2 without having to manually put the public key in the client config?

Monstieur
  • It should be pointed out that doing this can be a major security risk: When using username/password authentication, the client will broadcast its username and password to any fake AP, making them easy to harvest. – sleske Dec 16 '14 at 23:54

1 Answer

4

Simply don't include a ca_cert or ca_path tag/value pair in the wpa_supplicant.conf file.

From the example wpa_supplicant.conf file. Note the third sentence (emphasis mine):

    # ca_cert: File path to CA certificate file (PEM/DER). This file can have one
    # or more trusted CA certificates. If ca_cert and ca_path are not
    # included, server certificate will not be verified. This is insecure and
    # a trusted CA certificate should always be configured when using
    # EAP-TLS/TTLS/PEAP. Full path should be used since working directory may
    # change when wpa_supplicant is run in the background.

Spiff