eap_peer_config::private_key field

private_key - File path to client private key file (PEM/DER/PFX) When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be commented out. Both the private key and certificate will be read from the PKCS#12 file in this case. Full path to the file should be used since working directory may change when wpa_supplicant is run in the background. Windows certificate store can be used by leaving client_cert out and configuring private_key in one of the following formats: cert://substring_to_match hash://certificate_thumbprint_in_hex For example: private_key="hash://63093aa9c47f56ae88334c7b65a4" Note that when running wpa_supplicant as an application, the user certificate store (My user account) is used, whereas computer store (Computer account) is used when running wpasvc as a service. Alternatively, a named configuration blob can be used by setting this to blob://blob_name.