Today I wanted to connect a NTC C.H.I.P to my university WPA-Enterprise in headless mode.

I flashed my C.H.I.P to latest firmware, then connected to the C.H.I.P in serial using USB cable (screen /dev/ttyACM0). According to docs.getchip.com, we can then connect to WiFi APs using nmcli. Unfortunately, nmcli does not support other authentications than pre-shared key (PSK) like in WPA-Entreprise.

After quickly googling for WPA-Entreprise configuration on C.H.I.P and similar devices, I found this blog post explaining the steps required: 1. to configure the wireless interface (not required if you are using a Pi with raspbian) 2. to create wpa_supplicant.conf configuration file

I modified the wpa_supplicant as my university uis using PEAP. Also, this authentication requires a certificate file to authenticate the AP (QuoVadis_Root_CA_2.pem in my case). After adding the certificate to /etc/certs/QuoVadis_Root_CA_2.pem (I had to create the certs folder manually), I used this settings in /etc/wpa_supplicant/wpa_supplicant.conf:

network={
  ssid="<ssid>"
  key_mgmt=WPA-EAP
  auth_alg=OPEN
  eap=PEAP
  identity="<identity>"
  password="<password>"
  ca_cert="/etc/certs/QuoVadis_Root_CA_2.pem"
  phase2="MSCHAPV2"
}

Unfortunately, I couldn't connect to the internet even after reboot. After a long trial and error, I looked at the logs (cat /var/log/daemon.log | grep wpa_supplicant) and found this line: Jan 1 00:15:51 chip wpa_supplicant[212]: TLS: Certificate verification failed, error 9 (certificate is not yet valid) depth 2 for '/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2'

What? Certificate is not yet valid? Indeed, date outputs Thu Jan 1 00:19:55 UTC 1970 as the time was not set yet! Set your actual date using date +%Y%m%d -s "20161213" and reboot (or just restart networking service using sudo systemctl restart networking). You should now get internet access.