More questions on hs20/OSU keys and configuration.
greearb at candelatech.com
Tue Mar 24 16:06:32 EDT 2015
Here's another question. I think I must be using the wrong URI, since
the signup.php appears to require a session_id be present in the URL.
I was trying this configuration in the hostapd config file:
That signup.php is the same that is found in the hs20/server/www/ directory.
What is the correct URI and/or how do I get the session_id set properly?
On 03/23/2015 05:15 PM, Ben Greear wrote:
> On 03/23/2015 04:14 PM, Ben Greear wrote:
>> Now that I have OSEN working, I'm trying to get the rest of the
>> configuration cobbled together.
>> To keep openssl keys from colliding with their common-names, I'm planning to use
>> a similar naming to your examples, for instance: osu-client.foo.local
>> Hopefully I can fix up /etc/hosts or a fake local DNS to take care of resolving
>> this properly to a single IP address.
>> The hs20-osu-server.txt file never mentions actually starting the hs20_osu_server,
>> but I assume that does need to be done. And part of that seems to be configuring
>> the DB with some correct URLs and key information.
>> So, I need to create a proper sql-example.txt file and I have several questions on it.
>> ca/setup.sh does not generate spp-root-ca.der nor aaa-root-ca.der. How are these
>> supposed to be created?
>> 'osu-server' is also not found in the setup.sh script. How
>> does this name correlate to what the setup.sh is using?
>> And, same question for the 'subscription-server'?
>> Maybe subscription-server and osu-server could both be the same,
>> be called 'osu-client.$DOMAIN' and use the 'server-client' keys & certs
>> that setup.sh created? It seems that apache cannot do HTTPS virtual-hosts,
>> or at least not with any flexibility, so if I can do all of the HTTPS
>> on the same hostname that is probably best?
>> [root@ben-ota-2 hs20]# cat ../local/hs20/sql-example.txt
>> INSERT INTO osu_config(realm,field,value) VALUES('example.com','fqdn','example.com');
>> INSERT INTO osu_config(realm,field,value) VALUES('example.com','friendly_name','Example Operator');
>> INSERT INTO osu_config(realm,field,value) VALUES('example.com','spp_http_auth_url','https://subscription-server.osu.example.com/hs20/spp.php?realm=example.com');
>> INSERT INTO osu_config(realm,field,value) VALUES('example.com','trust_root_cert_url','https://osu-server.osu.example.com/hs20/files/spp-root-ca.der');
>> INSERT INTO osu_config(realm,field,value) VALUES('example.com','trust_root_cert_fingerprint','5b393a9246865569485c2605c3304e48212b449367858299beba9384c4cf4647');
> And, how are you generating these fingerprints? When I try creating SHA1 or MD5 fingerprints from
> the client-server.pem, I get fewer digits. And the certs HS20-R2 document didn't offer any specifics that I saw.
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc http://www.candelatech.com
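
Added example, not part of the thread and not hostapd project code: the trust_root_cert_fingerprint value quoted above is 64 hex digits, the length of a SHA-256 digest, whereas SHA-1 gives 40 and MD5 gives 32. The sketch assumes the field holds the SHA-256 digest of the DER-encoded certificate as bare lowercase hex; the function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

# Constructed stand-in for a certificate's DER bytes (arbitrary data, not a real
# certificate); the digest is taken over raw bytes, so no ASN.1 parsing is needed.
SAMPLE_DER = bytes(range(256)) * 3
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode("ascii")
              + "-----END CERTIFICATE-----\n")

_CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
HEX_LEN_TO_ALGO = {32: "md5", 40: "sha1", 64: "sha256"}


def pem_to_der(pem_text):
    """Decode the first CERTIFICATE block, skipping any key or text around it."""
    match = _CERT_RE.search(pem_text)
    if match is None:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(match.group(1).split()), validate=True)


def fingerprint(cert, algo="sha256"):
    """Lowercase hex digest of the DER encoding; accepts PEM text or DER bytes."""
    der = pem_to_der(cert) if isinstance(cert, str) else cert
    return hashlib.new(algo, der).hexdigest()


def normalize(value):
    """Reduce 'sha256 Fingerprint=AB:CD:...' style output to bare lowercase hex."""
    hexstr = value.split("=")[-1].replace(":", "").strip().lower()
    if not re.fullmatch(r"(?:[0-9a-f]{2})+", hexstr):
        raise ValueError("not a hex fingerprint")
    return hexstr


def guess_algo(value):
    """Infer the digest from the fingerprint length, or None if unrecognized."""
    return HEX_LEN_TO_ALGO.get(len(normalize(value)))


if __name__ == "__main__":
    for algo in ("sha1", "sha256"):
        print(algo, len(fingerprint(SAMPLE_PEM, algo)), fingerprint(SAMPLE_PEM, algo))
```

Hashing the PEM text itself, rather than the decoded DER bytes, produces a different value, so the digest has to be taken after decoding.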