fast_reauth=1

# 1. WPA-Personal (PSK) as home network and WPA-Enterprise with EAP-TLS
#    as work network.


# allow frontend (e.g., wpa_cli) to be used by all users in 'wheel' group
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel

# home network; allow all valid ciphers
network={
     ssid="home"
     scan_ssid=1
     key_mgmt=WPA-PSK
     psk="very secret passphrase"
}

# work network; use EAP-TLS with WPA; allow only CCMP and TKIP ciphers
network={
     ssid="work"
     scan_ssid=1
     key_mgmt=WPA-EAP
     pairwise=CCMP TKIP
     group=CCMP TKIP
     eap=TLS
     identity="user@example.com"
     ca_cert="/etc/cert/ca.pem"
     client_cert="/etc/cert/user.pem"
     private_key="/etc/cert/user.prv"
     private_key_passwd="password"
}