More questions on hs20/OSU keys and configuration.

Ben Greear greearb at candelatech.com
Mon Mar 23 19:14:05 EDT 2015


Now that I have OSEN working, I'm trying to get the rest of the
configuration cobbled together.

To keep openssl keys from colliding with their common-names, I'm planning to use
a similar naming to your examples, for instance: osu-client.foo.local
Hopefully I can fix up /etc/hosts or a fake local DNS to take care of resolving
this properly to a single IP address.

The hs20-osu-server.txt file never mentions actually starting the hs20_osu_server,
but I assume that does need to be done.  And part of that seems to be configuring
the DB with some correct URLs and key information.

So, I need to create a proper sql-example.txt file and I have several questions on it.

ca/setup.sh does not generate spp-root-ca.der nor aaa-root-ca.der.  How are these
supposed to be created?

'osu-server' is also not found in the setup.sh script.  How
does this name correlate to what the setup.sh is using?

And, same question for the 'subscription-server'?

Maybe subscription-server and osu-server could both be the same,
be called 'osu-client.$DOMAIN' and use the 'server-client' keys & certs
that setup.sh created?  It seems that apache cannot do HTTPS virtual-hosts,
or at least not with any flexibility, so if I can do all of the HTTPS
on the same hostname that is probably best?


[root at ben-ota-2 hs20]# cat ../local/hs20/sql-example.txt
INSERT INTO osu_config(realm,field,value) VALUES('example.com','fqdn','example.com');
INSERT INTO osu_config(realm,field,value) VALUES('example.com','friendly_name','Example Operator');
INSERT INTO osu_config(realm,field,value) VALUES('example.com','spp_http_auth_url','https://subscription-server.osu.example.com/hs20/spp.php?realm=example.com');
INSERT INTO osu_config(realm,field,value) VALUES('example.com','trust_root_cert_url','https://osu-server.osu.example.com/hs20/files/spp-root-ca.der');
INSERT INTO osu_config(realm,field,value) VALUES('example.com','trust_root_cert_fingerprint','5b393a9246865569485c2605c3304e48212b449367858299beba9384c4cf4647');
INSERT INTO osu_config(realm,field,value) VALUES('example.com','aaa_trust_root_cert_url','https://osu-server.osu.example.com/hs20/files/aaa-root-ca.der');
INSERT INTO osu_config(realm,field,value) VALUES('example.com','aaa_trust_root_cert_fingerprint','5b393a9246865569485c2605c3304e48212b449367858299beba9384c4cf4647');
INSERT INTO osu_config(realm,field,value) VALUES('example.com','free_account','free');
INSERT INTO osu_config(realm,field,value) VALUES('example.com','policy_url','https://subscription-server.osu.example.com/hs20/spp.php?realm=example.com');
INSERT INTO osu_config(realm,field,value) VALUES('example.com','remediation_url','https://subscription-server.osu.example.com/hs20/remediation.php?session_id=');
INSERT INTO osu_config(realm,field,value) VALUES('example.com','free_remediation_url','https://subscription-server.osu.example.com/hs20/free-remediation.php?session_id=');
INSERT INTO osu_config(realm,field,value) VALUES('example.com','signup_url','https://subscription-server.osu.example.com/hs20/signup.php?session_id=');


INSERT INTO users(identity,realm,methods,password,phase2,shared) VALUES('free','example.com','TTLS-MSCHAPV2','free',1,1);

INSERT INTO wildcards(identity,methods) VALUES('','TTLS,TLS');


Thanks,
Ben

-- 
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com
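The sql-example.txt above references spp-root-ca.der and aaa-root-ca.der plus a 64-hex-character fingerprint for each. The helper below is an added example, not part of the post or of hostapd: it converts a PEM CA certificate to DER, computes the SHA-256 of the DER bytes (an assumption about the fingerprint format, based only on the 64-hex-character values in the sample), checks a served DER file against a configured fingerprint in constant time, and emits the four trust-root INSERT rows. The hostname osu-client.foo.local and the sample "certificate" bytes are constructed for illustration.

```python
"""Build osu_config trust-root rows from a CA certificate in PEM form.
Hypothetical helper for hs20_osu_server setup; not hostapd code."""
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S
)


def pem_to_der(pem_text: str) -> bytes:
    """Decode the first CERTIFICATE block of a PEM file to its DER bytes.
    This is what openssl x509 -outform DER would write to spp-root-ca.der."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    body = "".join(m.group(1).split())  # drop the 64-char line wrapping
    return base64.b64decode(body, validate=True)


def der_fingerprint(der: bytes) -> str:
    """SHA-256 over the DER encoding as 64 lowercase hex chars (assumed to be
    the format of the fingerprint values in sql-example.txt)."""
    return hashlib.sha256(der).hexdigest()


def fingerprint_matches(der: bytes, expected_hex: str) -> bool:
    """Constant-time check of a downloaded trust root against the configured
    fingerprint; malformed fingerprints are rejected rather than compared."""
    expected = expected_hex.strip().lower()
    if not re.fullmatch(r"[0-9a-f]{64}", expected):
        return False
    return hmac.compare_digest(der_fingerprint(der), expected)


def sql_quote(value: str) -> str:
    """Escape a value as a single-quoted SQL literal (quotes are doubled)."""
    return "'" + value.replace("'", "''") + "'"


def osu_config_rows(realm: str, osu_host: str, spp_der: bytes, aaa_der: bytes) -> list:
    """Produce the four trust-root INSERTs for osu_config. Field names and the
    /hs20/files/ layout follow sql-example.txt; osu_host is whichever name
    serves those files over HTTPS (an assumption; the post uses two hosts)."""
    fields = {
        "trust_root_cert_url": f"https://{osu_host}/hs20/files/spp-root-ca.der",
        "trust_root_cert_fingerprint": der_fingerprint(spp_der),
        "aaa_trust_root_cert_url": f"https://{osu_host}/hs20/files/aaa-root-ca.der",
        "aaa_trust_root_cert_fingerprint": der_fingerprint(aaa_der),
    }
    return [
        "INSERT INTO osu_config(realm,field,value) VALUES("
        + ",".join(sql_quote(v) for v in (realm, field, value))
        + ");"
        for field, value in fields.items()
    ]


# Constructed sample input: NOT a real certificate, just bytes wrapped in PEM
# armour so the decode and fingerprint path can run offline.
SAMPLE_DER = b"\x30\x82constructed-not-a-real-certificate" * 8
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode()
    + "-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    der = pem_to_der(SAMPLE_PEM)
    for row in osu_config_rows("example.com", "osu-client.foo.local", der, der):
        print(row)
    # What a client-side check of the served .der file would look like:
    print(fingerprint_matches(der, der_fingerprint(der)))
```

With a real CA, feed pem_to_der the PEM that ca/setup.sh produced, write the returned bytes to spp-root-ca.der under /hs20/files/, and load the generated rows into the database; fingerprint_matches is the check to run against the file actually served at trust_root_cert_url, since a mismatch between the fingerprint row and the served DER will fail the client's trust-root validation.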



More information about the HostAP mailing list