- # EAP-TLS using private key and certificates via OpenSSL PKCS#11 engine and
- # openCryptoki (e.g., with TPM token)
- # The private key stays on the token; this file only references it by ID.
- # This example uses the following PKCS#11 objects:
- # $ pkcs11-tool --module /usr/lib/opencryptoki/libopencryptoki.so -O -l
- # Please enter User PIN:
- # Private Key Object; RSA
- # label: rsakey
- # ID: 04
- # Usage: decrypt, sign, unwrap
- # Certificate Object, type = X.509 cert
- # label: ca
- # ID: 01
- # Certificate Object, type = X.509 cert
- # label: cert
- # ID: 04
- # Configure OpenSSL to load the PKCS#11 engine and openCryptoki module
- # Both paths name shared libraries that are loaded into the supplicant
- # process, so they should be owned by root and not writable by other users.
- # The locations shown are examples and differ between distributions.
- pkcs11_engine_path=/usr/lib/engines/engine_pkcs11.so
- pkcs11_module_path=/usr/lib/opencryptoki/libopencryptoki.so
- network={
- ssid="test network"
- key_mgmt=WPA-EAP
- eap=TLS
- # EAP identity; with EAP-TLS this is sent before the TLS tunnel exists, so
- # it should not contain anything sensitive
- identity="User"
- # use OpenSSL PKCS#11 engine for this network
- engine=1
- engine_id="pkcs11"
- # select the private key and certificates based on ID (see pkcs11-tool
- # output above): key_id/cert_id refer to the objects with ID 04 (rsakey and
- # cert), ca_cert_id to the object with ID 01 (ca)
- key_id="4"
- cert_id="4"
- # ca_cert_id is what anchors validation of the authentication server's
- # certificate; without a trusted CA the server is not authenticated.
- # NOTE(review): no server name constraint is set in this example, so any
- # server certificate issued by this CA is accepted. Consider adding
- # domain_suffix_match (or subject_match / altsubject_match) for the
- # expected RADIUS server name.
- ca_cert_id="1"
- # set the PIN code; leave this out to configure the PIN to be requested
- # interactively when needed (e.g., via wpa_gui or wpa_cli)
- # A PIN stored here is in cleartext: anyone who can read this file can use
- # the token's private key. If it must be stored, keep the file readable by
- # root only (e.g., mode 0600); "123456" is a sample value, not one to reuse.
- pin="123456"
- }