If you have p12 cert package, like from PfSense for example, you need to extract certs first.
# Extract CA Certificate
openssl pkcs12 -in test.p12 -cacerts -nokeys -out CA.crt
# Extract Client Certificate
openssl pkcs12 -in test.p12 -clcerts -nokeys -out client.crt
# Extract Client Key
openssl pkcs12 -in test.p12 -nocerts -out client.key
# To avoid entering the password each time, you can remove the passphrase from the private key:
openssl rsa -in client.key -out client-nopass.key
# Edit wpa_supplicant.conf file
nano /etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=SI
network={
ssid="WIFI-SSID"
key_mgmt=WPA-EAP
eap=TLS
identity="your-identity"
ca_cert="/path/to/CA.crt"
client_cert="/path/to/client.crt"
private_key="/path/to/client-nopass.key"
# Uncomment the following line if your private key has a passphrase
# private_key_passwd="your-passphrase"
}
# Set permissions
chown root:root /path/to/CA.crt /path/to/client.crt /path/to/client-nopass.key
chmod 600 /path/to/CA.crt /path/to/client.crt /path/to/client-nopass.key
# Start Wifi connection
wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf
# open /etc/network/interfaces and paste this:
auto wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
# Reboot Pi and connection should be established