--- src/iwd.network.rst | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/src/iwd.network.rst b/src/iwd.network.rst index 75b8297a..2410aa57 100644 --- a/src/iwd.network.rst +++ b/src/iwd.network.rst @@ -235,6 +235,33 @@ authentication configuration. method's negotiation is encrypted, a secure identity string can be provided. +Embedded PEMs +------------- + +Rather than including an absolute path to a PEM file (for certs or keys), the +PEM itself can be included inside the settings file and referenced directly. +This allows 8021x network provisioning using a single file without any +references to certificates/keys on the system. + +An embedded PEM can appear anywhere in the settings file using the following +format (this example the PEM is named 'my_ca_cert'): + +.. code-block:: + + [@pem@my_ca_cert] + ----- BEGIN CERTIFICATE ----- + <PEM data> + ----- END CERTIFICATE ----- + +After this special group tag its as simple as pasting in a PEM file including +the BEGIN/END tags. Now 'my_ca_cert' can be used to reference the certificate +elsewhere in the settings file by prefixing the value with 'embed:' + +EAP-TLS-CACert=embed:my_ca_cert + +This is not limited to CA Certs either. Client certs, client keys (encrypted +or not), and certificate chains can be included. + SEE ALSO ======== -- 2.21.0