2022-11-11 04:40:02 -05:00
|
|
|
| Supported Targets | ESP32 | ESP32-C2 | ESP32-C3 | ESP32-S2 | ESP32-S3 |
|
|
|
|
| ----------------- | ----- | -------- | -------- | -------- | -------- |
|
2022-05-20 05:50:08 -04:00
|
|
|
|
2017-01-11 05:20:01 -05:00
|
|
|
# WPA2 Enterprise Example
|
|
|
|
|
2021-09-06 08:23:30 -04:00
|
|
|
This example shows how ESP32 connects to AP with Wi-Fi enterprise encryption. The example does the following steps:
|
2017-01-11 05:20:01 -05:00
|
|
|
|
|
|
|
1. Install CA certificate which is optional.
|
|
|
|
2. Install client certificate and client key which is required in TLS method and optional in PEAP and TTLS methods.
|
|
|
|
3. Set identity of phase 1 which is optional.
|
|
|
|
4. Set user name and password of phase 2 which is required in PEAP and TTLS methods.
|
|
|
|
5. Enable wpa2 enterprise.
|
|
|
|
6. Connect to AP.
|
|
|
|
|
2021-09-06 08:23:30 -04:00
|
|
|
*Note:* 1. The certificates currently are generated and are present in examples/wifi/wifi_enterprise/main folder.
|
2017-06-07 04:18:09 -04:00
|
|
|
2. The expiration date of the certificates is 2027/06/05.
|
2021-09-06 08:23:30 -04:00
|
|
|
3. In case using suite-b, please use appropriate certificates such as RSA-3072 or p384 EC certificates.
|
2017-01-11 05:20:01 -05:00
|
|
|
|
2020-09-10 01:16:43 -04:00
|
|
|
The steps to create new certificates are given below.
|
|
|
|
|
2021-09-06 08:23:30 -04:00
|
|
|
## The file ca.pem, ca.key, server.pem, server.crt and server.key can be used to configure AP with enterprise encryption.
|
2020-09-10 01:16:43 -04:00
|
|
|
|
|
|
|
## How to use Example
|
|
|
|
|
|
|
|
### Configuration
|
|
|
|
|
|
|
|
```
|
|
|
|
idf.py menuconfig
|
|
|
|
```
|
|
|
|
* Set SSID of Access Point to connect in Example Configuration.
|
|
|
|
* Select EAP method (TLS, TTLS or PEAP).
|
|
|
|
* Select Phase2 method (only for TTLS).
|
|
|
|
* Enter EAP-ID.
|
|
|
|
* Enter Username and Password (only for TTLS and PEAP).
|
|
|
|
* Enable or disable Validate Server option.
|
|
|
|
|
|
|
|
### Build and Flash the project.
|
|
|
|
|
|
|
|
```
|
|
|
|
idf.py -p PORT flash monitor
|
|
|
|
```
|
|
|
|
|
2021-09-06 08:23:30 -04:00
|
|
|
## Steps to create enterprise openssl certs
|
2020-09-10 01:16:43 -04:00
|
|
|
|
|
|
|
1. make directry tree
|
|
|
|
|
|
|
|
mkdir demoCA
|
|
|
|
mkdir demoCA/newcerts
|
|
|
|
mkdir demoCA/private
|
|
|
|
sh -c "echo '01' > ./demoCA/serial"
|
|
|
|
touch ./demoCA/index.txt
|
2022-05-20 05:50:08 -04:00
|
|
|
touch xpextensions
|
2020-09-10 01:16:43 -04:00
|
|
|
|
2022-05-20 05:50:08 -04:00
|
|
|
add following lines in xpextensions file
|
2020-09-10 01:16:43 -04:00
|
|
|
|
|
|
|
[ xpclient_ext ]
|
|
|
|
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
|
|
|
|
|
|
|
|
[ xpserver_ext ]
|
|
|
|
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
|
|
|
|
|
|
|
|
2. ca.pem: root certificate, foundation of certificate verigy
|
2021-09-06 08:23:30 -04:00
|
|
|
openssl req -new -x509 -keyout ca.key -out ca.pem
|
2020-09-10 01:16:43 -04:00
|
|
|
|
|
|
|
3. generate rsa keys for client and server
|
2021-09-06 08:23:30 -04:00
|
|
|
openssl genrsa -out client.key 2048
|
|
|
|
openssl genrsa -out server.key 2048
|
2020-09-10 01:16:43 -04:00
|
|
|
|
|
|
|
4. generate certificate signing req for both client and server
|
2021-09-06 08:23:30 -04:00
|
|
|
openssl req -new -key client.key -out client.csr
|
|
|
|
openssl req -new -key server.key -out server.csr
|
2020-09-10 01:16:43 -04:00
|
|
|
|
|
|
|
5. create certs (.crt) for client nd server
|
2023-02-21 05:18:30 -05:00
|
|
|
openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key (password) -out client.crt -extensions xpclient_ext -extfile xpextensions
|
2021-09-06 08:23:30 -04:00
|
|
|
openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key (password) -out server.crt -extensions xpserver_ext -extfile xpextensions
|
2020-09-10 01:16:43 -04:00
|
|
|
|
|
|
|
6. export .p12 files
|
2021-09-06 08:23:30 -04:00
|
|
|
openssl pkcs12 -export -out client.p12 -inkey client.key -in client.crt
|
|
|
|
openssl pkcs12 -export -out server.p12 -inkey server.key -in server.crt
|
2020-09-10 01:16:43 -04:00
|
|
|
|
|
|
|
7. create .pem files
|
2021-09-06 08:23:30 -04:00
|
|
|
openssl pkcs12 -in client.p12 -out client.pem
|
|
|
|
openssl pkcs12 -in server.p12 -out server.pem
|
2020-09-10 01:16:43 -04:00
|
|
|
|
2022-05-20 05:50:08 -04:00
|
|
|
|
2017-01-11 05:20:01 -05:00
|
|
|
|
|
|
|
### Example output
|
|
|
|
|
|
|
|
Here is an example of wpa2 enterprise(PEAP method) console output.
|
2020-09-10 01:16:43 -04:00
|
|
|
```
|
2017-01-11 05:20:01 -05:00
|
|
|
I (1352) example: Setting WiFi configuration SSID wpa2_test...
|
|
|
|
I (1362) wpa: WPA2 ENTERPRISE VERSION: [v2.0] enable
|
|
|
|
|
|
|
|
I (1362) wifi: rx_ba=1 tx_ba=1
|
|
|
|
|
|
|
|
I (1372) wifi: mode : sta (24:0a:c4:03:b8:dc)
|
|
|
|
I (3002) wifi: n:11 0, o:1 0, ap:255 255, sta:11 0, prof:11
|
|
|
|
I (3642) wifi: state: init -> auth (b0)
|
|
|
|
I (3642) wifi: state: auth -> assoc (0)
|
|
|
|
I (3652) wifi: state: assoc -> run (10)
|
|
|
|
I (3652) wpa: wpa2_task prio:24, stack:6144
|
|
|
|
|
|
|
|
I (3972) wpa: >>>>>wpa2 FINISH
|
|
|
|
|
|
|
|
I (3982) wpa: wpa2 task delete
|
|
|
|
|
|
|
|
I (3992) wifi: connected with wpa2_test, channel 11
|
|
|
|
I (5372) example: ~~~~~~~~~~~
|
|
|
|
I (5372) example: IP:0.0.0.0
|
|
|
|
I (5372) example: MASK:0.0.0.0
|
|
|
|
I (5372) example: GW:0.0.0.0
|
|
|
|
I (5372) example: ~~~~~~~~~~~
|
|
|
|
I (6832) event: ip: 192.168.1.112, mask: 255.255.255.0, gw: 192.168.1.1
|
|
|
|
I (7372) example: ~~~~~~~~~~~
|
|
|
|
I (7372) example: IP:192.168.1.112
|
|
|
|
I (7372) example: MASK:255.255.255.0
|
|
|
|
I (7372) example: GW:192.168.1.1
|
|
|
|
I (7372) example: ~~~~~~~~~~~
|
|
|
|
I (9372) example: ~~~~~~~~~~~
|
|
|
|
I (9372) example: IP:192.168.1.112
|
|
|
|
I (9372) example: MASK:255.255.255.0
|
|
|
|
I (9372) example: GW:192.168.1.1
|
|
|
|
I (9372) example: ~~~~~~~~~~~
|
2020-09-10 01:16:43 -04:00
|
|
|
```
|