How to connect to the WPA2 EAP-TLS network: Difference between revisions

From Metalab Wiki, the open centre for meta-disciplinary magicians and technically creative enthusiasts.
(semi-automatic key generation)
m (restructure)
Zeile 1: Zeile 1:
 
== Create certificates ==
 
== Create certificates ==
 
You need to create/use a certificate to connect to the WPA2 access point.
 
You need to create/use a certificate to connect to the WPA2 access point.
  1.) connect to the unencrypted wireless network ''metalab-wpa2-certcreation''
+
# connect to the unencrypted wireless network ''metalab-wpa2-certcreation''
  2.) open your browser and go to https://10.215.23.1
+
# open your browser and go to https://10.215.23.1
  3.) create the certificate by entering a hostname and password
+
# create the certificate by entering a hostname and password
  
 
You are now able to connect to the network by using the ca and your client certificate.
 
You are now able to connect to the network by using the ca and your client certificate.
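Review bot: step 2 of the new numbered list still has the user open https://10.215.23.1 while associated to the unencrypted certcreation network and then type a password into it (step 3), with nothing in the list that lets them confirm they reached the real portal rather than clicking through a browser warning; add the portal certificate's fingerprint, or the CA that issues it, to step 2 so the warning can be checked before the password is entered.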
Zeile 48: Zeile 48:
  
  
== Revoke certificate ==
+
== Manual server side setup ==
  ## connect to wpa-01.in.metalab.at (10.20.30.25) as root.
 
  # user@host:~# ssh -l root wpa-01.in.metalab.at
 
  # root@wpa-01:~# cd /ca
 
  # root@wpa-01:~# ./revoke.sh ''yourname''
 
  ## enter ca password
 
  
== Create a certificate manually ==
+
=== Create a certificate ===
 
   ## connect to wpa-01.in.metalab.at (10.20.30.25) as root.
 
   ## connect to wpa-01.in.metalab.at (10.20.30.25) as root.
 
   # user@host:~# ssh -l root wpa-01.in.metalab.at
 
   # user@host:~# ssh -l root wpa-01.in.metalab.at
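Review bot: the renamed `=== Create a certificate ===` subsection now reads almost the same as the top-level `== Create certificates ==` section that describes the self-service portal, so a reader skimming the headings cannot tell that this one requires `ssh -l root wpa-01.in.metalab.at`; name it after the host (for example "Create a certificate on wpa-01") or open it with a one-line note that it is the admin path only.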
Zeile 62: Zeile 57:
 
   ## copy the certificates to your host
 
   ## copy the certificates to your host
 
   # user@host:~# scp -r root@wpa-01.in.metalab.at:/tmp/''yourname''.tar /path/to
 
   # user@host:~# scp -r root@wpa-01.in.metalab.at:/tmp/''yourname''.tar /path/to
 +
 +
=== Revoke certificate ===
 +
  ## connect to wpa-01.in.metalab.at (10.20.30.25) as root.
 +
  # user@host:~# ssh -l root wpa-01.in.metalab.at
 +
  # root@wpa-01:~# cd /ca
 +
  # root@wpa-01:~# ./revoke.sh ''yourname''
 +
  ## enter ca password
 +
 +
 +
== Server documentation ==
 +
tbd
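Review bot: the scp step above (`scp -r root@wpa-01.in.metalab.at:/tmp/''yourname''.tar /path/to`) fetches the bundle from `/tmp` on wpa-01 but no step removes it afterwards, so the client's private key is left behind in a shared directory on the server; add a `rm /tmp/''yourname''.tar` step after the copy. The new `== Server documentation ==` section is only "tbd", so the page does not yet say what the `mkclient.sh` and `revoke.sh` scripts do with the `/ca` directory; at minimum list the scripts and the CA password prompt there.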

Revision as of 27 February 2009, 08:49

Create certificates

You need to create/use a certificate to connect to the WPA2 access point.

  1. connect to the unencrypted wireless network metalab-wpa2-certcreation
  2. open your browser and go to https://10.215.23.1
  3. create the certificate by entering a hostname and password

You are now able to connect to the network using the CA certificate and your client certificate.


Use certificates

Linux

sample wpa_supplicant.conf:

 network={
   ssid="metalab-wpa2"
   scan_ssid=1
   key_mgmt=WPA-EAP
   proto=WPA2
   eap=TLS
   pairwise=CCMP
   group=CCMP
   identity="yourname"
   ca_cert="/path/to/ca.crt"
   client_cert="/path/to/yourname-cert.pem"
   private_key="/path/to/yourname-key.pem"
   private_key_passwd="secretpassword"
 }
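The settings in the block above are what make EAP-TLS safe against a rogue access point: ca_cert tells wpa_supplicant which CA the authentication server's certificate must chain to, and proto/pairwise/group pin the connection to WPA2 with CCMP. As an added example (not part of this wiki page or Metalab's own tooling), the following Python script parses the network={...} blocks of a wpa_supplicant.conf and reports which of those settings are missing or weakened. The embedded configuration is constructed: the first block mirrors the sample above with placeholder paths and password, the second is deliberately incomplete so the audit has something to find.

```python
"""Audit EAP-TLS network blocks in a wpa_supplicant.conf (added example)."""
import sys

# Constructed sample: block one mirrors the wiki's config (placeholder
# paths/password); block two is deliberately incomplete.
SAMPLE_CONF = """\
# global settings are ignored by the audit
ctrl_interface=/var/run/wpa_supplicant

network={
   ssid="metalab-wpa2"
   scan_ssid=1
   key_mgmt=WPA-EAP
   proto=WPA2
   eap=TLS
   pairwise=CCMP
   group=CCMP
   identity="yourname"
   ca_cert="/path/to/ca.crt"
   client_cert="/path/to/yourname-cert.pem"
   private_key="/path/to/yourname-key.pem"
   private_key_passwd="secretpassword"
}

network={
   ssid="metalab-wpa2"
   key_mgmt=WPA-EAP
   eap=TLS
   identity="yourname"
   client_cert="/path/to/yourname-cert.pem"
   private_key="/path/to/yourname-key.pem"
}
"""


def parse_networks(conf_text):
    """Return one dict per network={...} block, with quoted values unquoted.

    Handles only what the audit needs: '#' comment lines, key=value lines
    and single-level network blocks; global settings are skipped.
    """
    networks, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if current is None:
            if line.replace(" ", "") == "network={":
                current = {}
            continue
        if line == "}":
            networks.append(current)
            current = None
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        current[key.strip()] = value
    if current is not None:
        raise ValueError("unterminated network block")
    return networks


def audit_network(net):
    """Return (severity, message) findings for one network block."""
    findings = []
    if "WPA-EAP" not in net.get("key_mgmt", "").split():
        findings.append(("critical", "key_mgmt must include WPA-EAP (802.1X)"))
    if net.get("eap") != "TLS":
        findings.append(("critical", "eap must be TLS for certificate auth"))
    # Without ca_cert the supplicant accepts any server certificate, so an
    # access point with the same SSID can complete the handshake.
    if not net.get("ca_cert"):
        findings.append(("critical", "ca_cert is missing: server certificate "
                                     "is not validated against the CA"))
    for key in ("client_cert", "private_key"):
        if not net.get(key):
            findings.append(("critical", f"{key} is missing"))
    # wpa_supplicant's default proto is "WPA RSN", which still allows WPA1.
    proto = set(net.get("proto", "").split())
    if not proto or "WPA" in proto:
        findings.append(("warning", "proto should be WPA2 only"))
    # Default cipher lists include TKIP (and WEP for the group cipher).
    for key in ("pairwise", "group"):
        ciphers = set(net.get(key, "").split())
        if not ciphers or ciphers - {"CCMP"}:
            findings.append(("warning", f"{key} should be CCMP only, got "
                                        f"{net.get(key, '<default>')!r}"))
    if "private_key_passwd" in net:
        findings.append(("info", "private_key_passwd is stored in cleartext; "
                                 "keep the file readable by root only (0600)"))
    return findings


def audit_conf(conf_text):
    """Return [(ssid, findings), ...] for every network block in the text."""
    return [(net.get("ssid", "<no ssid>"), audit_network(net))
            for net in parse_networks(conf_text)]


if __name__ == "__main__":
    # Usage: python3 wpa_lint.py /etc/wpa_supplicant.conf (falls back to sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for ssid, found in audit_conf(text):
        print(f"network {ssid!r}: {len(found)} finding(s)")
        for severity, message in found:
            print(f"  [{severity}] {message}")
```

Run it against your own file to see the same findings the second sample block produces: the missing ca_cert is reported as critical, the unset proto and cipher lists as warnings. The cleartext private_key_passwd in the first block is only informational, but it is the reason the config file (and the .pem key it points to) should not be readable by other users on the machine.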


MacOS X

  1. (image: Wpa2 cacert.png) Import the CA certificate "ca.crt" into the system keychain.
  2. (image: Wpa2 cacert trust.png) Set the trust level for the CA certificate.
  3. (image: Wpa2 clientcert.png) Import the client certificate "yourname-cert.p12" into the login keychain, using the import password you chose.
  4. (image: Wpa2 macgui.png) Connect to the metalab-wpa2 network.



Windows

tbd


Manual server side setup

Create a certificate

 ## connect to wpa-01.in.metalab.at (10.20.30.25) as root.
 # user@host:~# ssh -l root wpa-01.in.metalab.at
 # root@wpa-01:~# ./mkclient.sh hostname password
 # root@wpa-01:~# exit
 ## copy the certificates to your host
 # user@host:~# scp -r root@wpa-01.in.metalab.at:/tmp/yourname.tar /path/to

Revoke certificate

 ## connect to wpa-01.in.metalab.at (10.20.30.25) as root.
 # user@host:~# ssh -l root wpa-01.in.metalab.at
 # root@wpa-01:~# cd /ca
 # root@wpa-01:~# ./revoke.sh yourname
 ## enter ca password


Server documentation

tbd