ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
fast_reauth=1
pkcs11_engine_path=/usr/lib/engines/engine_pkcs11.so
pkcs11_module_path=/usr/lib/opensc-pkcs11.so

network={
        ssid="*****"
        key_mgmt=WPA-EAP
        eap=TLS
        proto=WPA
        pairwise=TKIP
        group=TKIP
        identity="*****@******"
        ca_cert="/etc/wpa_supplicant/CA_CATCertPP_GlobalTrust.crt"
        #client_cert="/etc/cert/user.pem"

#       scan_ssid=1
        engine=1

        # The engine configured here must be available. Look at
        # OpenSSL engine support in the global section.
        # The key available through the engine must be the private key
        # matching the client certificate configured above.

        # use the opensc engine
        #engine_id="opensc"
        #key_id="45"

        # use the pkcs11 engine
        engine_id="pkcs11"
        key_id="e451d1d1197caf4c74c33d9143986a28c9c34a55"

        # Optional PIN configuration; this can be left out and PIN will be
        # asked through the control interface
        pin="****"
}