More questions on hs20/OSU keys and configuration.

Ben Greear greearb at candelatech.com
Tue Mar 24 16:06:32 EDT 2015


Here's another question.  I think I must be using the wrong URI, since
the signup.php appears to require a session_id be present in the URL.

I was trying this configuration in the hostapd config file:

osu_server_uri=https://osu-client.ben-ota-2.lanforge.local/hs20/signup.php?realm=ben-ota-2.lanforge.local

That signup.php is the same that is found in the hs20/server/www/ directory.


What is the correct URI and/or how do I get the session_id set properly?


Thanks,
Ben


On 03/23/2015 05:15 PM, Ben Greear wrote:
> On 03/23/2015 04:14 PM, Ben Greear wrote:
>> Now that I have OSEN working, I'm trying to get the rest of the
>> configuration cobbled together.
>>
>> To keep openssl keys from colliding with their common-names, I'm planning to use
>> a similar naming to your examples, for instance: osu-client.foo.local
>> Hopefully I can fix up /etc/hosts or a fake local DNS to take care of resolving
>> this properly to a single IP address.
>>
>> The hs20-osu-server.txt file never mentions actually starting the hs20_osu_server,
>> but I assume that does need to be done.  And part of that seems to be configuring
>> the DB with some correct URLs and key information.
>>
>> So, I need to create a proper sql-example.txt file and I have several questions on it.
>>
>> ca/setup.sh does not generate spp-root-ca.der nor aaa-root-ca.der.  How are these
>> supposed to be created?
>>
>> 'osu-server' is also not found in the setup.sh script.  How
>> does this name correlate to what the setup.sh is using?
>>
>> And, same question for the 'subscription-server'?
>>
>> Maybe subscription-server and osu-server could both be the same,
>> be called 'osu-client.$DOMAIN' and use the 'server-client' keys & certs
>> that setup.sh created?  It seems that apache cannot do HTTPS virtual-hosts,
>> or at least not with any flexibility, so if I can do all of the HTTPS
>> on the same hostname that is probably best?
>>
>>
>> [root at ben-ota-2 hs20]# cat ../local/hs20/sql-example.txt
>> INSERT INTO osu_config(realm,field,value) VALUES('example.com','fqdn','example.com');
>> INSERT INTO osu_config(realm,field,value) VALUES('example.com','friendly_name','Example Operator');
>> INSERT INTO osu_config(realm,field,value) VALUES('example.com','spp_http_auth_url','https://subscription-server.osu.example.com/hs20/spp.php?realm=example.com');
>> INSERT INTO osu_config(realm,field,value) VALUES('example.com','trust_root_cert_url','https://osu-server.osu.example.com/hs20/files/spp-root-ca.der');
>> INSERT INTO osu_config(realm,field,value) VALUES('example.com','trust_root_cert_fingerprint','5b393a9246865569485c2605c3304e48212b449367858299beba9384c4cf4647');
> 
> And, how are you generating these fingerprints?  When I try creating SH1 or MD5 fingerprints from
> the client-server.pem, I get fewer digits.  And the certs HS20-R2 document didn't offer any specifics that I saw.
> 
> Thanks,
> Ben
> 
> 


-- 
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com



More information about the HostAP mailing list