How to connect to a Wi-Fi network via command line in Linux

The most easiest way to connect to a wireless network in Linux is by using Network Manager’s GUI, but in this tutorial we will learn how to connect via CLI, root privileges are required, tested on Debian 9.6.

1. Install the software

apt-get install wireless-tools wpasupplicant

2. Make sure your network card was detected, in this example my wireless card is wlan0.
If your wireless card is not detected please check this guide ->

wlan0     unassociated  ESSID:""  Nickname:"<WIFI@REALTEK>"
          Mode:Managed  Frequency=2.412 GHz  Access Point: Not-Associated   
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality:0  Signal level:0  Noise level:0
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

lo        no wireless extensions.

eth0      no wireless extensions.

3. Create wpa_supplicant.conf based on your SSID and password.

wpa_passphrase YourSSID >> /etc/wpa_supplicant.conf

Enter your password and press Enter, passphrase must be 8 – 63 characters.


4. Authenticate to your network

wpa_supplicant -D wext -i wlan0 -B -c /etc/wpa_supplicant.conf

5. Check if you are authenticated, you should have an Access Point associated.

iwconfig wlan0
wlan0     IEEE 802.11bgn  ESSID:"YourSSID"  Nickname:"<WIFI@REALTEK>"
          Mode:Managed  Frequency:2.432 GHz  Access Point: 11:22:33:AA:BB:CC   
          Bit Rate:72.2 Mb/s   Sensitivity:0/0  
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:****-****-****-****-****-****-****-****   Security mode:open
          Power Management:off
          Link Quality=100/100  Signal level=100/100  Noise level=0/100
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

Note: If you have issues while authenticating please check syslog.

6. Request or set IP address.
Now that you are authenticated to communicate with your network you must have an IP address, you must request it from a DHCP server or manually set.
Note: If you are using netplan please skip this step and check


dhclient -nw wlan0

b) Set IP address, default gateway and DNS server

ip addr add dev wlan0
ip route add default via
echo "nameserver" > /etc/resolv.conf

How to generate self signed certificates for Apache2

In this tutorial we will create and use a self signed certificate in Apache2.
A self signed certificate as the name suggests is emitted and signed by the same entity. Technically we will sign the certificate with our own private key.

Self signed certificates should be used only internally, as you see in the image below, browsers will flag the website as not secure, because the certificate is not signed by a trusted authority.

This tutorial was tested on Debian 9.6, root privileges are required.

1. Create cert in the apache2 configuration directory

mkdir /etc/apache2/cert

2. Create the private key and sign the certificate, valid for 365 days.
You will be asked to enter information that will be incorporated into your certificate.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/cert/default-self.key -out /etc/apache2/cert/default-self.crt

3. Enable the ssl module for Apache2

a2enmod ssl

4. Edit /etc/apache2/sites-enabled/default-ssl.conf with the following configuration, in my example I use as ServerAlias.

NameVirtualHost *:443
<VirtualHost *:443>
DocumentRoot /var/www/html/
<Directory /var/www/html>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
ErrorLog ${APACHE_LOG_DIR}/error_ssl.log
CustomLog ${APACHE_LOG_DIR}/access_ssl.log combined
SSLEngine on
SSLCertificateKeyFile /etc/apache2/cert/default-self.key
SSLCertificateFile /etc/apache2/cert/default-self.crt

4. Enable default-ssl site

a2ensite default-ssl

5. Reload Apache2

systemctl reload apache2

6. Check the certificate

echo | openssl s_client -servername -connect 2> /dev/null | openssl x509 -text