42 lines
1.1 KiB
Text
42 lines
1.1 KiB
Text
|
# EAP-TLS using private key and certificates via OpenSSL PKCS#11 engine and
|
||
|
|
# openCryptoki (e.g., with TPM token)
|
||
|
|
|
||
|
|
# This example uses following PKCS#11 objects:
|
||
|
|
# $ pkcs11-tool --module /usr/lib/opencryptoki/libopencryptoki.so -O -l
|
||
|
|
# Please enter User PIN:
|
||
|
|
# Private Key Object; RSA
|
||
|
|
# label: rsakey
|
||
|
|
# ID: 04
|
||
|
|
# Usage: decrypt, sign, unwrap
|
||
|
|
# Certificate Object, type = X.509 cert
|
||
|
|
# label: ca
|
||
|
|
# ID: 01
|
||
|
|
# Certificate Object, type = X.509 cert
|
||
|
|
# label: cert
|
||
|
|
# ID: 04
|
||
|
|
|
||
|
|
# Configure OpenSSL to load the PKCS#11 engine and openCryptoki module
|
||
|
|
pkcs11_engine_path=/usr/lib/engines/engine_pkcs11.so
|
||
|
|
pkcs11_module_path=/usr/lib/opencryptoki/libopencryptoki.so
|
||
|
|
|
||
|
|
network={
|
||
|
|
ssid="test network"
|
||
|
|
key_mgmt=WPA-EAP
|
||
|
|
eap=TLS
|
||
|
|
identity="User"
|
||
|
|
|
||
|
|
# use OpenSSL PKCS#11 engine for this network
|
||
|
|
engine=1
|
||
|
|
engine_id="pkcs11"
|
||
|
|
|
||
|
|
# select the private key and certificates based on ID (see pkcs11-tool
|
||
|
|
# output above)
|
||
|
|
key_id="4"
|
||
|
|
cert_id="4"
|
||
|
|
ca_cert_id="1"
|
||
|
|
|
||
|
|
# set the PIN code; leave this out to configure the PIN to be requested
|
||
|
|
# interactively when needed (e.g., via wpa_gui or wpa_cli)
|
||
|
|
pin="123456"
|
||
|
|
}
|