eapUserPrivateKey

Value Type

word

Default Value

This testvar must be explicitly defined in the configuration file

This testvar can appear multiple times in a configuration file. Each instance must take the form eapUserPrivateKey with starting at 1.

Description

Multiple EAP credential sets can be defined for authentication. The first EAP credential set is automatically assigned default values which can be overridden if desired. All of the other EAP credential sets are undefined by default.

Each EAP credential set is comprised of one or more of the following testvars. At a minimum the EAP Identity must be defined to enable an EAP credential set. If all of the testvars are defined for a given EAP credential set, then that set can be used for all of CDRouter’s supported EAP methods.

  • eapIdentity* - EAP Identity/username.

  • eapPassword* - Corresponding password for EAP Identity/username.

  • eapUserCertPath* - Pathname to X.509 certificate. This file must be in PEM format.

  • eapUserCertPassword* - Password used to decrypt the X.509 certificate’s private key.

  • eapUserPrivateKey* - Pathname to X.509 certificate’s private key. This testvar is optional if both the X.509 certificate and it’s private key are stored in the same file. This file must be in PEM format.

To be able to use one of the supported EAP methods, the following EAP credential testvars must be defined.

EAP-MD5, EAP-PEAP and EAP-TTLS testvars:

  • eapIdentity*
  • eapPassword*

EAP-TLS testvars:

  • eapIdentity*
  • eapUserCertPath*
  • eapUserCertPassword*
  • eapUserPrivateKey*

EAP-AKA and EAP-SIM testvars:

  • eapIdentity*

Note: Some of the tests will use all of the configured EAP credential sets. The * should be replaced with the instance number of the EAP credential set.