manpage: add section on embedding PEMs in settings

James Prestwood 2019-10-25 12:11:32 -04:00 committed by Denis Kenzior
parent 624533e9c4
commit 8c3c81716f
1 changed files with 27 additions and 0 deletions

@ -235,6 +235,33 @@ authentication configuration.
method's negotiation is encrypted, a secure identity string can be
provided.
Embedded PEMs
-------------
Rather than including an absolute path to a PEM file (for certs or keys), the
PEM itself can be included inside the settings file and referenced directly.
This allows 8021x network provisioning using a single file without any
references to certificates/keys on the system.
An embedded PEM can appear anywhere in the settings file using the following
format (this example the PEM is named 'my_ca_cert'):
.. code-block::
[@pem@my_ca_cert]
----- BEGIN CERTIFICATE -----
<PEM data>
----- END CERTIFICATE -----
After this special group tag its as simple as pasting in a PEM file including
the BEGIN/END tags. Now 'my_ca_cert' can be used to reference the certificate
elsewhere in the settings file by prefixing the value with 'embed:'
EAP-TLS-CACert=embed:my_ca_cert
This is not limited to CA Certs either. Client certs, client keys (encrypted
or not), and certificate chains can be included.
SEE ALSO
========
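
Review bot: The closing paragraph of the new "Embedded PEMs" section says client keys "(encrypted or not)" can be embedded, but nothing tells the reader that the settings file then holds private key material. Since the section promotes provisioning from a single file, add a sentence recommending that the file be readable only by the owner of the configuration, and that an encrypted key be preferred whenever the file is copied between systems. Two smaller points in the same section: the example markers are written as "----- BEGIN CERTIFICATE -----" with spaces inside the dashes, whereas PEM armor is normally "-----BEGIN CERTIFICATE-----", so either match the real format or state that the spaced form is accepted, otherwise a reader who copies the example literally may end up with a PEM that fails to parse. In the wording, "(this example the PEM is named" is missing "in", "its as simple as" should be "it's as simple as", and the sentence ending "by prefixing the value with 'embed:'" needs closing punctuation before the EAP-TLS-CACert line.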