Installing Easyroam with wpa_supplicant

Downloading the certificate

Download the certificate at the easyroam portal.

Extracting the individual components

Client certificate

openssl pkcs12 -in my_easyroam_cert.p12 -legacy -nokeys > easyroam_client_cert.pem

Private key

openssl pkcs12 -legacy -in my_easyroam_cert.p12 -nodes -nocerts | openssl rsa -aes256 -out easyroam_client_key.pem

RootCA certificate

openssl pkcs12 -in my_easyroam_cert.p12 -cacerts > easyroam_root_ca.pem

Setting the wpa_supplicant configuration

description='easyroam connection'
Interface=wlan0
Connection=wireless
Security='wpa-configsection'
IP='dhcp'
WPAConfigSection=(
    'ssid="eduroam"'
    'key_mgmt=WPA-EAP'
    'eap=TLS'
    'proto=WPA RSN'
    'identity="76673789883214453797@easyroam.realm_der_einrichtung.tld"'   # Hier muss der CN (Common Name) aus dem easyroam Pseudozertifikat stehen!
    'client_cert="/etc/netctl/cert/easyroam_client_cert.pem"'
    'private_key="/etc/netctl/cert/easyroam_client_key.pem"'
    'private_key_passwd="FORYOUREYSEONLY"'
    'ca_cert="/etc/netctl/cert/easyroam_root_ca.pem"'
    'ca_cert2="/etc/netctl/cert/easyroam_root_ca.pem"'
)

Keys	Action
`?`	Open this help
`n`	Next page
`p`	Previous page
`s`	Search