Certificate workflow
- create the private key:
```sh
certtool \
    --generate-privkey \
    --rsa \
    --bits 2048 \
    --pkcs8 \
    --pkcs-cipher aes-128 \
    --password '' \
    --outfile ./key.pem
```
- create the certificate request:
```sh
certtool \
    --generate-request \
    --pkcs8 \
    --load-privkey ./key.pem \
    --outfile ./csr.pem \
    --template /dev/stdin <<EOS
cn = "Ciprian Dorin Craciun (EduRoam)"
organization = "Universitatea de Vest din Timisoara"
unit = "Facultatea de Matematica si Informatica"
locality = "Timisoara"
state = "Timis"
country = "RO"
email = "ciprian.craciun@e-uvt.ro"
encryption_key
signing_key
EOS
```
- (optionally) sign the request with PGP:
```sh
gpg2 --detach-sign --armor ./csr.pem
```
- receive the certificate (named `crt.pem`).
Configure `wpa_supplicant`
```
network={
    ssid="eduroam"
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=TTLS TLS
    identity="ciprian.craciun@e-uvt.ro"
    phase2="autheap=tls"
    ca_cert="./certificates/eduroam--ca.pem"
    client_cert="./certificates/eduroam--crt.pem"
    private_key="./certificates/eduroam--key.pem"
    priority=249
}
```
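
The network block above sets `ca_cert` but no server name constraint, and it carries no `private_key_passwd`, so the key file's permissions are its only protection. The script below is an added example, not part of the original page, that checks a configuration for those points before it is loaded; the function name `check_wpa_conf`, the temporary directory and the sample files are constructed for illustration.

```sh
# Added example: audit an EAP-TLS network block before wpa_supplicant uses it.
# Prints one finding per line; the return status is the number of findings.
check_wpa_conf() {
    conf=$1 base=${2:-.} findings=0
    # Without ca_cert or ca_path the server certificate is not verified.
    if ! grep -Eq '^[[:space:]]*ca_(cert|path)=' "$conf"; then
        echo "no ca_cert/ca_path: server certificate is not verified"
        findings=$((findings + 1))
    fi
    # ca_cert alone accepts any server certificate issued under that CA;
    # a name constraint pins the expected authentication server.
    if ! grep -Eq '^[[:space:]]*(domain_suffix_match|domain_match|altsubject_match|subject_match)=' "$conf"; then
        echo "no server name constraint (e.g. domain_suffix_match)"
        findings=$((findings + 1))
    fi
    # The client key must not be accessible to group or others.
    key=$(sed -n 's/^[[:space:]]*private_key="\(.*\)"[[:space:]]*$/\1/p' "$conf" | head -n 1)
    case $key in
        ''|/*) ;;                  # unset or already absolute
        *) key=$base/$key ;;       # resolve relative to the given base dir
    esac
    if [ -n "$key" ] && [ -f "$key" ]; then
        perms=$(ls -dlL "$key" | cut -c5-10)   # group and other permission bits
        if [ "$perms" != "------" ]; then
            echo "private key $key is accessible to group/others"
            findings=$((findings + 1))
        fi
    fi
    return "$findings"
}

# Constructed sample: a network block shaped like the one above and an
# empty stand-in key file with mode 644.
demo=$(mktemp -d)
mkdir "$demo/certificates"
: > "$demo/certificates/eduroam--key.pem"
chmod 644 "$demo/certificates/eduroam--key.pem"
cat > "$demo/wpa.conf" <<'EOF'
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=TTLS TLS
    ca_cert="./certificates/eduroam--ca.pem"
    private_key="./certificates/eduroam--key.pem"
}
EOF
check_wpa_conf "$demo/wpa.conf" "$demo" || echo "findings: $?"
rm -rf "$demo"
```

To clear the name-constraint finding, add a line such as `domain_suffix_match="<RADIUS server name from your institution>"` to the network block; the page does not state that name, so it is left as a placeholder here.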