# wpa_supplicant example: EAP-TLS where the client private key and the
# certificates are held on a PKCS#11 token and reached through the OpenSSL
# PKCS#11 engine and openCryptoki (e.g., with a TPM token).
#
# Objects assumed to be present on the token, as listed by pkcs11-tool:
# $ pkcs11-tool --module /usr/lib/opencryptoki/libopencryptoki.so -O -l
# Please enter User PIN:
# Private Key Object; RSA
#   label:      rsakey
#   ID:         04
#   Usage:      decrypt, sign, unwrap
# Certificate Object, type = X.509 cert
#   label:      ca
#   ID:         01
# Certificate Object, type = X.509 cert
#   label:      cert
#   ID:         04

# Global settings: tell OpenSSL where to find the PKCS#11 engine and the
# openCryptoki module. Both paths name shared objects that are loaded into
# the supplicant process, so they should point at root-owned,
# non-world-writable files.
pkcs11_engine_path=/usr/lib/engines/engine_pkcs11.so
pkcs11_module_path=/usr/lib/opencryptoki/libopencryptoki.so

network={
	ssid="test network"
	key_mgmt=WPA-EAP
	eap=TLS
	identity="User"

	# Route key and certificate operations for this network through the
	# OpenSSL PKCS#11 engine.
	engine=1
	engine_id="pkcs11"

	# Objects are selected by their PKCS#11 ID (see the pkcs11-tool listing
	# at the top of this file): ID 04 is the RSA private key and the client
	# certificate, ID 01 is the CA certificate used to verify the
	# authentication server.
	# NOTE(review): ca_cert_id alone accepts any server certificate issued by
	# that CA; consider also pinning the server name with domain_suffix_match
	# or subject_match.
	key_id="4"
	cert_id="4"
	ca_cert_id="1"

	# Token PIN. "123456" is a sample value. A PIN stored here is readable by
	# anyone who can read this file, which weakens the protection the token
	# gives the private key: keep the file readable by root only, or leave
	# this line out so that the PIN is requested interactively when needed
	# (e.g., via wpa_gui or wpa_cli).
	pin="123456"
}