Configuring eap-tls using nmcli

I’ve just installed Ubuntu Core 18 on an raspberry Pi3 and am trying to configure the wifi interface to connect using eap-tls

With the classic snap installed I can generate a wpa_supplicant file and everything works just fine but I’d like to have the pi connect on reboot so I downloaded the netwrok-manager snap and installed that.

looking at
snap info --verbose network-manager (see below) , I can see that nmcli has confinement set to strict. The problem is that whenever I try and configure access to a CA file or a client file I get permission denied.


nmcli con edit id eduroam
nmcli file /etc/ss/certs//etc/ssl/certs/AddTrust_External_Root.pem

So how am I supposed to use nmcli to configure wpa-tls if I can’t even look at CA files?


Output from snap info command …
name: network-manager
summary: Network management based on NetworkManager
publisher: Canonical✓
license: unset
description: |
Network management of wired ethernet, WiFi and mobile data connection based on NetworkManager and

  • network-manager.nmcli
    network-manager.networkmanager: simple, enabled, active
    private: false
    confinement: strict
    devmode: false
    jailmode: false
    trymode: false
    enabled: true
    broken: false
    ignore-validation: false
    snap-id: RmBXKl6HO6YOC2DE4G2q1JzWImC04EUy
    tracking: stable
    refresh-date: yesterday at 11:03 UTC
    stable: 1.2.2-22 (383) 4MB -
    candidate: 1.2.2-22 (383) 4MB -
    beta: 1.2.2-22 (383) 4MB -
    edge: 1.2.2-23-dev (386) 4MB -
    installed: 1.2.2-22 (383) 4MB