Connecting to your WPA2-Enterprise WiFi using EAP-TLS
Find out your domain
- Find your server certificate. This is NOT the CA certificate, but rather the certificate stored on the RADIUS server itself. FreeRADIUS names it server.pem by default.
- To find the domain, run the command:
openssl x509 -noout -subject -in server.pem
- You will get output like:
subject= /C=XX/ST=Atlantis/O=Nagai Industries/CN=Nagai Industries Server Certificate
- In that case your “domain” is “Nagai Industries Server Certificate”.
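Newer OpenSSL releases print the subject in a comma-separated layout instead of the slash-separated one shown above. The following added example (not part of the original page) pulls the CN out of either layout; the function name cn_from_subject is hypothetical and the subject lines in its comments are constructed.

```sh
#!/bin/sh
# Extract the CN (the "domain" used above) from the single line printed by
#   openssl x509 -noout -subject -in server.pem
# Layouts handled (constructed samples):
#   subject= /C=XX/ST=Atlantis/O=Org/CN=Org Server Certificate
#   subject=C = XX, ST = Atlantis, O = Org, CN = Org Server Certificate
# Spaces around "=" in the comma-separated layout are treated as optional.
cn_from_subject() {
    subject=${1#subject=}   # drop the "subject=" label
    subject=${subject# }    # drop the space that follows it in the slash layout
    case $subject in
        /*) # slash-separated: take everything after /CN= up to the next /
            cn=$(printf '%s\n' "$subject" |
                 sed -n 's|^.*/CN=\([^/]*\).*$|\1|p') ;;
        *)  # comma-separated: CN is first or follows ", "; stop at next comma
            cn=$(printf '%s\n' "$subject" |
                 sed -n 's/^\(.*, *\)\{0,1\}CN *= *\([^,]*\).*$/\2/p') ;;
    esac
    # A certificate without a CN yields nothing: signal that to the caller
    # instead of printing an empty domain.
    [ -n "$cn" ] || return 1
    printf '%s\n' "$cn"
}

# Usage against a real certificate:
#   cn_from_subject "$(openssl x509 -noout -subject -in server.pem)"
```

A non-zero exit status means the subject has no CN, in which case there is no domain value to enter on the client.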
Android 11
- Go to ‘Install a certificate’ in the settings. There should be three options: ‘CA certificate’, ‘VPN and app user certificate’ and ‘Wi-Fi certificate’.
- Choose the Wi-Fi one and select the CA certificate, which should be a .pem file. Name it something suitable.
- Either leave the domain blank or enter it as above (this may be mandatory in some versions).
- Next do the same, but choose the user certificate, which should be a .p12 file. Enter the password if necessary, name it the appropriate user@realm, then press OK.
- Connect to the network and choose TLS. For the CA certificate choose the one installed above, and select ‘do not validate’.
- Finally select the user certificate and enter the appropriate user@realm as the identity.
KDE
- Click to connect to the network.
- Go to the Wi-Fi security tab.
- Set the authentication method to TLS.
- Enter ‘user@realm’ as the identity.
- Leave the domain blank or enter it as above.
- Choose the .pem file as your user certificate.
- Select the CA certificate.
- Choose the .p12 file as your private key, and enter the password.