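# EAP-TLS using private key and certificates via OpenSSL PKCS#11 engine and
# openCryptoki (e.g., with TPM token)

# This example uses the following PKCS#11 objects:
# $ pkcs11-tool --module /usr/lib/opencryptoki/libopencryptoki.so -O -l
# Please enter User PIN:
# Private Key Object; RSA
#   label:      rsakey
#   ID:         04
#   Usage:      decrypt, sign, unwrap
# Certificate Object, type = X.509 cert
#   label:      ca
#   ID:         01
# Certificate Object, type = X.509 cert
#   label:      cert
#   ID:         04

# Configure OpenSSL to load the PKCS#11 engine and openCryptoki module.
# Both shared objects are loaded into the wpa_supplicant process, which
# usually runs with root privileges, so the files and their parent
# directories should be writable only by root.
pkcs11_engine_path=/usr/lib/engines/engine_pkcs11.so
pkcs11_module_path=/usr/lib/opencryptoki/libopencryptoki.so

network={
	ssid="test network"
	key_mgmt=WPA-EAP
	eap=TLS
	identity="User"

	# use OpenSSL PKCS#11 engine for this network
	engine=1
	engine_id="pkcs11"

	# select the private key and certificates based on ID (see pkcs11-tool
	# output above)
	key_id="4"
	cert_id="4"
	# ca_cert_id is the trust anchor for the authentication server's
	# certificate; without a CA certificate configured, the server
	# certificate is not verified at all.
	ca_cert_id="1"

	# A trusted CA alone accepts any server certificate that CA has issued.
	# Pin the expected authentication server name as well, using one of
	# subject_match, altsubject_match or domain_suffix_match. The value
	# below is a constructed placeholder, not part of this example setup:
	#domain_suffix_match="radius.example.com"

	# set the PIN code; leave this out to configure the PIN to be requested
	# interactively when needed (e.g., via wpa_gui or wpa_cli)
	# The PIN is stored here in clear text and unlocks use of the private
	# key on the token, so when it is set this file should be readable only
	# by root (e.g., mode 0600). "123456" is a sample value.
	pin="123456"
}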