Created
January 8, 2025 20:21
HTW Berlin: eduroam/easyroam setup script for Linux (Ubuntu/Fedora) using NetworkManager and PKCS12 certificates
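#!/bin/bash
# Generate an eduroam Wi-Fi profile in NetworkManager from an easyroam
# PKCS#12 file.
#
# First create an easyroam profile on https://www.easyroam.de/ and download
# the resulting pkcs12 file; that file is the input of this script.
#
# Usage: bash configure-eduroam-with-easyroam.sh <YOUR-PKCS12-File>
#
# Writes easyroam_client_cert.pem, easyroam_client_key.pem and
# easyroam_root_ca.pem to $HOME/.easyroam and (re)creates the NetworkManager
# connection named "eduroam".

set -e

# The script writes a private key to disk: make every file and directory it
# creates owner-only, independent of the caller's umask.
umask 077

# Print the given lines to stderr, framed by blank lines, and exit 1.
die() {
  printf '\n' >&2
  printf '%s\n' "$@" >&2
  printf '\n' >&2
  exit 1
}

# check for nmcli
if ! command -v nmcli >/dev/null 2>&1; then
  die "ERROR: nmcli not found!" \
    "This wizard assumes that your network connections are managed by NetworkManager."
fi

# check for openssl (every extraction step below depends on it)
if ! command -v openssl >/dev/null 2>&1; then
  die "ERROR: openssl not found!"
fi

# check for wifi device
# Match the TYPE column exactly so that a device whose *name* merely contains
# "wifi" does not satisfy the check.
if ! nmcli -g TYPE device | grep -x wifi >/dev/null; then
  die "ERROR: Unable to find any wifi device!"
fi

# check input file
InputFile="${1:-}"
if [ -z "$InputFile" ]; then
  die "Your pkcs12 file is missed as input parameter."
fi
if [ ! -r "$InputFile" ]; then
  die "ERROR: Cannot read input file: $InputFile"
fi

# set openssl legacy options if necessary
# An array keeps the "no option" case as zero words instead of relying on
# unquoted word splitting. String comparison avoids a test(1) integer error
# when the version field is not a plain number.
LegacyOption=()
OpenSSLversion=$(openssl version | awk '{print $2}' | sed -e 's/\..*$//')
if [ "$OpenSSLversion" = "3" ]; then
  LegacyOption=(-legacy)
fi

# check pkcs12 file
# NOTE: this passphrase is fixed and public (it is in this script), so
# encrypting the extracted key with it gives no real confidentiality. What
# protects the key is the owner-only permissions on $ConfDir and the key file.
Pwd="pkcs12"
if ! openssl pkcs12 -in "$InputFile" "${LegacyOption[@]}" -info \
  -passin pass: -passout pass:"$Pwd" >/dev/null 2>&1; then
  die "ERROR: The given input file does not seem to be a valid pkcs12 file."
fi

# configure parameters
WLANName="eduroam"
ConfDir="$HOME/.easyroam"
mkdir -p "$ConfDir"
# umask only affects newly created paths; tighten a pre-existing directory too.
chmod 700 "$ConfDir"

# extract key, cert, ca and identity
openssl pkcs12 -in "$InputFile" "${LegacyOption[@]}" -nokeys \
  -passin pass: -out "$ConfDir/easyroam_client_cert.pem"
openssl pkcs12 -in "$InputFile" "${LegacyOption[@]}" -nocerts \
  -passin pass: -passout pass:"$Pwd" -out "$ConfDir/easyroam_client_key.pem"
# A key file left over from an earlier run keeps its old mode; force 0600.
chmod 600 "$ConfDir/easyroam_client_key.pem"
# NOTE(review): this file becomes 802-1x.ca-cert, i.e. the trust anchor used
# to authenticate the RADIUS server. Without -cacerts the output may also
# contain the client certificate; confirm it holds only the intended CA
# certificate(s).
openssl pkcs12 -info -in "$InputFile" "${LegacyOption[@]}" -nokeys \
  -passin pass: -out "$ConfDir/easyroam_root_ca.pem" >/dev/null 2>&1

# The identity is the value of the first component of the certificate subject.
Identity=$(openssl x509 -noout -in "$ConfDir/easyroam_client_cert.pem" -subject |
  awk -F , '{print $1}' |
  sed -e 's/.*=//' -e 's/\s*//')
if [ -z "$Identity" ]; then
  die "ERROR: Could not read the identity from the client certificate."
fi

# Remove existing connections
# Terse NAME:UUID output is parsed on ':' so that a connection whose name
# merely starts with "$WLANName " (e.g. "eduroam 1") is neither matched nor
# turned into a bogus uuid argument.
nmcli -g NAME,UUID connection show |
  awk -F: '$1==c{ print $2 }' c="$WLANName" |
  xargs -rn1 nmcli connection delete uuid

# Create new connection
# NOTE(review): the profile sets neither 802-1x.domain-suffix-match nor
# 802-1x.altsubject-matches, so any server certificate that chains to the CA
# file is accepted. Consider pinning the RADIUS server name published by the
# provider (value not shown here; take it from the provider's documentation).
nmcli connection add \
  type wifi \
  con-name "$WLANName" \
  ssid "$WLANName" \
  -- \
  wifi-sec.key-mgmt wpa-eap \
  802-1x.eap tls \
  802-1x.identity "$Identity" \
  802-1x.ca-cert "$ConfDir/easyroam_root_ca.pem" \
  802-1x.client-cert "$ConfDir/easyroam_client_cert.pem" \
  802-1x.private-key-password "$Pwd" \
  802-1x.private-key "$ConfDir/easyroam_client_key.pem"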