Make wpa_supplicant ignore server certificate trust
Simply don't include a ca_cert
or ca_path
tag/value pair in the wpa_supplicant.conf file.
From the example wpa_supplicant.conf file. Note the third sentence (emphasis mine):
# ca_cert: File path to CA certificate file (PEM/DER). This file can have one
# or more trusted CA certificates. If ca_cert and ca_path are not
# included, server certificate will not be verified. This is insecure and
# a trusted CA certificate should always be configured when using
# EAP-TLS/TTLS/PEAP. Full path should be used since working directory may
# change when wpa_supplicant is run in the background.
Related videos on Youtube
![Monstieur](https://i.stack.imgur.com/6T1Bg.jpg?s=256&g=1)
Monstieur
Updated on September 18, 2022Comments
-
Monstieur almost 2 years
How do I make wpa_supplicant accept any server certificate for PEAP MSCHAPv2 without having to manually put the public key in the client config?
-
sleske over 9 yearsIt should be pointed out that doing this can be a major security risk: When using username/password authentication, the client will broadcast its username and password to any fake AP, making them easy to harvest.
-