Cannot get hostapd radius to authenticate OSEN connection.
j at w1.fi
Fri Mar 20 12:39:52 EDT 2015
On Fri, Mar 20, 2015 at 08:00:00AM -0700, Ben Greear wrote:
> I am generating those certs with this logic:
I'd recommend taking a look at hs20/server/ca/*. Hotspot 2.0 Rel 2 has
plenty of additional requirements for certificates. The scripts in that
directory know how to add such details. You'll also need to set up OCSP
stapling which is also something that those scripts make easier. You can
use an OSU server certificate as the AAA server certificate for OSEN
purposes (there are some extra attributes included, but those do not
harm this and you'll find your life easier if you need to figure out
just one instead of two different types of server certificates.. :).
> It still does not work, but it gets farther and complains about the cert file from what
> I can tell. I assume I must be either generating keys incorrectly or using them incorrectly:
> 1426862605.113584: SSL: SSL3 alert: read (remote end reported an error):fatal:bad certificate status response
The server did not have OCSP stapling enabled and the client required
that. See ocsp_stapling_response in hostapd/hostapd.conf.
Jouni Malinen PGP id EFC895FA
More information about the HostAP