Lines Matching full:certificate
135 # cert_in_cb - Whether to include a peer certificate dump in events
137 # its certificate chain are included in EAP peer certificate events. This is
442 # ca_cert: CA certificate for Interworking network selection
444 # client_cert: File path to client certificate file (PEM/DER)
446 # where client certificate/private key is used for authentication
455 # commented out. Both the private key and certificate will be read
460 # Windows certificate store can be used by leaving client_cert out and
470 # certificate store (My user account) is used, whereas computer store
560 # ocsp: Whether to use/require OCSP to check server certificate
561 # 0 = do not use OCSP stapling (TLS certificate status extension)
808 # TLS = EAP-TLS (client and server certificate)
830 # ca_cert: File path to CA certificate file (PEM/DER). This file can have one
832 # included, server certificate will not be verified. This is insecure and
833 # a trusted CA certificate should always be configured when using
838 # certificate (SHA-256 hash of the DER encoded X.509 certificate). In
839 # this case, the possible CA certificates in the server certificate chain
840 # are ignored and only the server certificate is verified. This is
847 # certificate store by setting this to cert_store://<name>, e.g.,
850 # certificate store (My user account) is used, whereas computer store
852 # ca_path: Directory path for CA certificate files (PEM). This path may
858 # client_cert: File path to client certificate file (PEM/DER)
865 # commented out. Both the private key and certificate will be read from
868 # Windows certificate store can be used by leaving client_cert out and
874 # certificate store (My user account) is used, whereas computer store
889 # authentication server certificate. If this string is set, the server
898 # the alternative subject name of the authentication server certificate.
906 # used as a suffix match requirement for the AAAserver certificate in
913 # domain_suffix_match shall be included in the certificate. The
914 # certificate may include additional sub-level labels in addition to the
921 # server certificate in SubjectAltName dNSName element(s). If a
975 # tls_allow_md5=1 - allow MD5-based certificate signatures (depending on the
978 # tls_disable_time_checks=1 - ignore certificate validity time (this requests
994 # Following certificate/private key fields are used in inner Phase2
996 # ca_cert2: File path to CA certificate file. This file can have one or more
998 # server certificate will not be verified. This is insecure and a trusted
999 # CA certificate should always be configured.
1000 # ca_path2: Directory path for CA certificate files (PEM)
1001 # client_cert2: File path to client certificate file
1006 # authentication server certificate. See subject_match for more details.
1009 # certificate. See altsubject_match documentation for more details.
1020 # ocsp: Whether to use/require OCSP to check server certificate
1021 # 0 = do not use OCSP stapling (TLS certificate status extension)
1236 # WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner
1462 # matching the client certificate configured above.
1477 # Example configuration showing how to use an inlined blob as a CA certificate
