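# EAP-TLS using private key and certificates via OpenSSL PKCS#11 engine and
# openCryptoki (e.g., with TPM token)
#
# The private key stays on the token; wpa_supplicant asks the PKCS#11 engine
# to perform the private-key operations instead of reading a key file.

# This example uses following PKCS#11 objects:
# $ pkcs11-tool --module /usr/lib/opencryptoki/libopencryptoki.so -O -l
# Please enter User PIN:
# Private Key Object; RSA
#   label:      rsakey
#   ID:         04
#   Usage:      decrypt, sign, unwrap
# Certificate Object, type = X.509 cert
#   label:      ca
#   ID:         01
# Certificate Object, type = X.509 cert
#   label:      cert
#   ID:         04

# Configure OpenSSL to load the PKCS#11 engine and openCryptoki module.
# Both paths name shared objects that are loaded into the wpa_supplicant
# process, so the files and their parent directories should be writable only
# by root.
pkcs11_engine_path=/usr/lib/engines/engine_pkcs11.so
pkcs11_module_path=/usr/lib/opencryptoki/libopencryptoki.so

network={
	ssid="test network"
	key_mgmt=WPA-EAP
	eap=TLS
	identity="User"

	# use OpenSSL PKCS#11 engine for this network
	engine=1
	engine_id="pkcs11"

	# select the private key and certificates based on ID (see pkcs11-tool
	# output above): key and client certificate share ID 04, the CA
	# certificate is ID 01
	key_id="4"
	cert_id="4"
	ca_cert_id="1"

	# ca_cert_id only anchors the server certificate chain to the CA stored
	# on the token. Without a name constraint, any server certificate issued
	# by that CA is accepted as the authentication server. Constrain the
	# expected server name as well, e.g. (placeholder value, replace with
	# the real authentication server domain):
	# domain_suffix_match="radius.example.com"

	# set the PIN code; leave this out to configure the PIN to be requested
	# interactively when needed (e.g., via wpa_gui or wpa_cli)
	# NOTE: a PIN set here is stored in cleartext, so anyone who can read
	# this file can use the token key. If the PIN is kept in the file,
	# restrict the file to root (e.g. mode 0600); "123456" is an example
	# value only.
	pin="123456"
}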