Difference between revisions of "Talk:Spacenet"
(→testing commandline: new section) |
(→Generate new certificates:: new section) |
||
Line 9: | Line 9: | ||
Sent Access-Request Id <SEQ> from 0.0.0.0:51116 to <RADIUS_IP>:1812 length <LEN> | Sent Access-Request Id <SEQ> from 0.0.0.0:51116 to <RADIUS_IP>:1812 length <LEN> | ||
Received Access-Accept Id <SEQ> from <RADIUS_IP>:1812 to <LOCAL_IP>:51116 length 20 | Received Access-Accept Id <SEQ> from <RADIUS_IP>:1812 to <LOCAL_IP>:51116 length 20 | ||
+ | |||
+ | == Generate new certificates: == | ||
+ | |||
+ | * Steps to check the certificate validity: <code>openssl x509 -text -noout -in ./spacenet-2023.pem</code> or simply: <code>openssl x509 -dates -noout -in ./spacenet-2023.pem</code> | ||
+ | |||
+ | I followed https://sjamso.blogspot.com/2021/03/regenerate-and-configure-ssl.html to clean up and fix the certificates: | ||
+ | |||
+ | <code>cp /usr/share/doc/freeradius/examples/certs/* /etc/freeradius/3.0/certs/</code> | ||
+ | edit <code>/etc/freeradius/3.0/certs/ca.cnf</code> | ||
+ | |||
+ | <pre> | ||
+ | [ CA_default ] | ||
+ | ... | ||
+ | default_days = 1825 | ||
+ | ... | ||
+ | [certificate_authority] | ||
+ | countryName = NL | ||
+ | stateOrProvinceName = Limburg | ||
+ | localityName = Heerlen | ||
+ | organizationName = ACKspace | ||
+ | emailAddress = realm-admin@ackspace.nl | ||
+ | commonName = "ACKspace spacenet certificate authority" | ||
+ | </pre> | ||
+ | |||
+ | edit <code>/etc/freeradius/3.0/certs/server.cnf</code>: | ||
+ | |||
+ | <pre> | ||
+ | [ CA_default ] | ||
+ | ... | ||
+ | default_days = 1825 | ||
+ | ... | ||
+ | [server] | ||
+ | countryName = NL | ||
+ | stateOrProvinceName = Limburg | ||
+ | localityName = Heerlen | ||
+ | organizationName = ACKspace | ||
+ | emailAddress = realm-admin@ackspace.nl | ||
+ | commonName = "ACKspace spacenet certificate" | ||
+ | </pre> | ||
+ | |||
+ | check certificate references in <code>/etc/freeradius/3.0/mods-enabled/eap</code>: | ||
+ | |||
+ | <pre> | ||
+ | tls-config tls-common { | ||
+ | ... | ||
+ | private_key_file = ${certdir}/server-migrated.key | ||
+ | certificate_file = ${certdir}/server-migrated.pem | ||
+ | ca_file = ${certdir}/ca-migrated.pem | ||
+ | </pre> | ||
+ | |||
+ | run: | ||
+ | <pre> | ||
+ | # cd /etc/freeradius/3.0/certs/ | ||
+ | # make ca.der | ||
+ | # make printca | ||
+ | # make dh | ||
+ | # make server.pem | ||
+ | # chown freerad:freerad * | ||
+ | # service freeradius restart | ||
+ | </pre> |
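Review bot: the eap excerpt references server-migrated.key, server-migrated.pem and ca-migrated.pem, but the run block only builds ca.der and server.pem, and the validity check at the top of the section reads ./spacenet-2023.pem. Please state how the freshly generated files map to the -migrated names (or update the three references), otherwise a reader can restart the service while it still points at the old files. The closing chown freerad:freerad * applies to every file in the certs directory; naming the files and stating the intended mode of the private key would make that step safer to copy. The tls-config excerpt is also left without its closing brace, so a trailing "..." line would show that it is a fragment.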
Revision as of 11:08, 3 December 2023
xopr 20:59, 9 October 2020 (CEST) I was triggered by a random tweakers article also directing to another article with an informational comment that pointed to a youtube video that triggered me to check some of the status. Since it's not 'guest' related and has a certificate: it's all good, but I wanted to store the above links anyway.
testing commandline
To test from the command line (with debug information and without setting up an actual access point), one can use the following:
<pre>
echo "User-Name=<USER>@ackspace.nl,User-Password=<CORRECT_PASS>"|/usr/bin/radclient <RADIUS_IP>:1812 auth <TOKEN>
Sent Access-Request Id <SEQ> from 0.0.0.0:51116 to <RADIUS_IP>:1812 length <LEN>
Received Access-Accept Id <SEQ> from <RADIUS_IP>:1812 to <LOCAL_IP>:51116 length 20
</pre>
Generate new certificates:
- Steps to check the certificate validity: <code>openssl x509 -text -noout -in ./spacenet-2023.pem</code> or simply: <code>openssl x509 -dates -noout -in ./spacenet-2023.pem</code>
I followed https://sjamso.blogspot.com/2021/03/regenerate-and-configure-ssl.html to clean up and fix the certificates:
<code>cp /usr/share/doc/freeradius/examples/certs/* /etc/freeradius/3.0/certs/</code>

edit <code>/etc/freeradius/3.0/certs/ca.cnf</code>:
<pre>
[ CA_default ]
...
default_days = 1825
...
[certificate_authority]
countryName = NL
stateOrProvinceName = Limburg
localityName = Heerlen
organizationName = ACKspace
emailAddress = realm-admin@ackspace.nl
commonName = "ACKspace spacenet certificate authority"
</pre>
edit <code>/etc/freeradius/3.0/certs/server.cnf</code>:
<pre>
[ CA_default ]
...
default_days = 1825
...
[server]
countryName = NL
stateOrProvinceName = Limburg
localityName = Heerlen
organizationName = ACKspace
emailAddress = realm-admin@ackspace.nl
commonName = "ACKspace spacenet certificate"
</pre>
check certificate references in <code>/etc/freeradius/3.0/mods-enabled/eap</code>:
<pre>
tls-config tls-common {
...
private_key_file = ${certdir}/server-migrated.key
certificate_file = ${certdir}/server-migrated.pem
ca_file = ${certdir}/ca-migrated.pem
</pre>
run:
<pre>
# cd /etc/freeradius/3.0/certs/
# make ca.der
# make printca
# make dh
# make server.pem
# chown freerad:freerad *
# service freeradius restart
</pre>
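A check to run after the regeneration steps above, added here as an example and not part of the original wiki page: it confirms that the key, certificate and CA file named in the eap excerpt belong together, that the certificate is not close to expiry, and that the private key is not world-readable. The function name `check_eap_certs`, the `KEY_PASSIN` variable and the 30-day default are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the wiki page): verify a regenerated EAP certificate set.
# Usage: check_eap_certs KEY CERT CA [MIN_DAYS]   (returns 0 only if all checks pass)
# An encrypted key needs KEY_PASSIN in openssl -passin syntax, e.g. file:/path.
check_eap_certs() {
    key=$1; cert=$2; ca=$3; min_days=${4:-30}
    rc=0

    # 1. The server certificate must still be valid MIN_DAYS from now.
    if ! openssl x509 -checkend "$((min_days * 86400))" -noout -in "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert missing, unreadable or expiring within $min_days days" >&2
        rc=1
    fi

    # 2. private_key_file and certificate_file must hold the same key pair.
    cert_pub=$(openssl x509 -pubkey -noout -in "$cert" 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -pubout -in "$key" -passin "${KEY_PASSIN:-pass:}" 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert" >&2
        rc=1
    fi

    # 3. The server certificate must chain to the CA named in ca_file.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca" >&2
        rc=1
    fi

    # 4. The private key must not be readable by "other" users.
    if [ -n "$(find "$key" -prune -perm -004 2>/dev/null)" ]; then
        echo "FAIL: $key is world-readable" >&2
        rc=1
    fi

    return "$rc"
}

# Example call with the file names from the eap excerpt (certdir is assumed
# to be /etc/freeradius/3.0/certs):
#   cd /etc/freeradius/3.0/certs && \
#   check_eap_certs server-migrated.key server-migrated.pem ca-migrated.pem 60
```

Running it before `service freeradius restart` catches a key/certificate mismatch while the old configuration is still serving clients.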