How to Connect a Raspberry Pi to WPI Wireless

In order to connect to WPI-Wireless, you need to install certificates. It’s generally straightforward for x86 platforms but could be difficult for ARM devices like Raspberry Pi (RPi), if you’re not particularly familar with network configurations and Linux.

The instructions in this article were tested in the following environment.

• Platform: Raspberry Pi 3 Model B
• OS: Raspbian Stretch with Desktop 2017-09-07
• Test Date: 10/03/2017

Note: The instructions should apply to different models of Raspberry Pi and all recent releases of Raspbian or similar Debian-based OS. But it’s possible that configurations need to be changed slightly.

First forget about the GUI interface on Raspbian (at top right corner of your desktop) to configure Wireless network. It’s only useful for simple network configurations and you should use command “ifconfig” to check your network status.

Register Wireless Adapter

Use command “ifconfig” to find the MAC address of the wireless adapter on your Raspberry Pi and register this device with your WPI account information. I assume you know how to do this step.

$ ifconfig

Prepare Certificate Files

1. Download certificate files

You can download the files from a computer connected to the WPI network and copy them to your RPi. Or if you could manage to connect your RPi to “WPI-Open”, you can also download to the RPi directly.

Link: https://wpi-wireless-setup.wpi.edu/enroll/WPI/Production/process

Choose “Other Operating Systems” to download the certificate files. You should get two files: one named “CA-xxxxxx.cer” and one “certificate.p12”.

You can put the file in your Home directory on RPi or somewhere else such as “/etc/rpi3/certs”. I will use “/etc/rpi3/certs” as an example below. Note that your account should be in the “sudo” group to manipulate files in “/etc” directory.

2. Process P12 to protect your WPI credentials

You will have to put your WPI password in plain text directly if you don’t do this step. That means someone else may get your password and have access to all your WPI accounts if they get your RPi.

$ cd /etc/rpi3/certs
$ sudo openssl pkcs12 -in certificate.p12 -out temp.pem -passin pass:YOUR-WPI-PASSWORD -passout pass:TEMPPASSWORD
$ sudo openssl pkcs12 -export -in temp.pem -out certificate-final.p12 -passin pass:TEMPPASSWORD -passout pass:FINALPASSWORD
$ sudo rm -rf temp.pem certificate.p12

3. Convert the P12 file to PEM

$ sudo openssl pkcs12 -in certificate-final.p12 -out certificate-final.pem -nodes

After step 2 and 3, you will have 3 files ready to use for the next step:

certificate-final.p12
certificate-final.pem
CA-xxxxxx.cer

Modify wpa_supplicant Configuration File

Now you need to tell wpa_supplicant how to use the certificate files you’ve prepared in the above steps.

$ sudo nano /etc/wpa_supplicant/wpa_supplicant.conf

Add the WPI-Wireless configuration entry to your “wpa_supplicant.conf” file. You don’t have to delete other entries “network = {…}” in this file.

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=GB

network={
        ssid="WPI-Wireless"
        key_mgmt=WPA-EAP
        proto=WPA2
        pairwise=CCMP
        group=CCMP
        eap=TLS
        identity="YOUR-WPI-EMAIL-ADDRESS"
        ca_cert="/etc/rpi3/certs/CA-[A-LONG-STRING-OF-NUMBERS].cer"
        client_cert="/etc/rpi3/certs/certificate-final.pem"
        private_key="/etc/rpi3/certs/certificate-final.p12"
        private_key_passwd="FINALPASSWORD"
}

Note that password you use here should be the “FINALPASSWORD” you used to generate “certificate-final.p12”. It’s in plain text and that’s the reason why you shouldn’t use your WPI password directly.

Update Wireless Adapter Configuration

Add or update the following configuration for “wlan0” in “/etc/network/interfaces”

$ sudo nano /etc/network/interfaces

auto lo
iface lo inet loopback

auto wlan0
iface wlan0 inet dhcp
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

With this configuration, the “wpa_supplicant.conf” will be loaded when the wireless adapter is brought up. Now reboot your RPi and you should get connected to the WPI wireless network. Note the network icon on the desktop may not show you’re connected to the network. Use “ifconfig” command to check the connectivity and if successful you should see “wlan0” is assigned an valid IP address.

Note: you might want to reset the default password for your Raspberry Pi for security reasons. The default password is “raspberry” for user “pi”.

$ passwd

Reference:

• [1] http://www.esologic.com/?p=1088
• [2] https://it.wpi.edu/Article/Connect-to-WPI-Wireless-Using-a-Raspberry-Pi
• [3] https://wiki.debian.org/WiFi/HowToUse