SmartBridges sB3210 manual Produce Certificates

Page 45

i n t e l l i g e n t

w i r e l e s s

p l a t f o r m

make > mymake.log 2>&1

If you encounter problems, you can review mymake.log (or myconfig.log, or myinstall.log) for errors.

b. FreeRadius -- Download the latest FreeRADIUS snapshot.We downloaded the file to our home directory. The snapshot is located at:

»ftp://ftp.freeradius.org/pub/radius/CVS-snap..

Then we used the following nine steps:

mkdir -p /usr/src/802/radius cd /usr/src/802/radius

cp /home/jbibe/freeradius-snapshot-20040203.tar.gz \ freeradius-snapshot-20040203.tar.gz

gunzip freeradius-snapshot-20040203.tar.gz tar xvf freeradius-snapshot-20040203.tar cd freeradius-snapshot-20040203

./configure --with-openssl-includes=/usr/local/openssl/include \ --with-openssl-libraries=/usr/local/openssl/lib \ --prefix=/usr/local/radius

make make install

That completes the work with FreeRADIUS, except for building certificates, making the changes to the FreeRADIUS configuration files, moving the server certificates to their final location, and building a wrapper for radiusd.

2. Produce Certificates

Server and client certificates are needed for TLS and PEAP. To produce the required certificates, We recommend that you use CA.all that is included with FreeRADIUS. CA.all uses the configuration information in openssl.cnf.

a. openssl.cnf -- Update openssl.cnf for your configuration. The configuration file is located at:

/usr/local/openssl/ssl

A portion of the information from our openssl.cnf is given below. (The company information is does not describe an actual company located in Brentwood, TN.) Note that the configuration information includes the password "whatever". It is the certificate password.

When CA.all executes, it uses this information three times. The first pass through this information produces the root certificates. If you set up your configuration as shown below, you will be able to accept all of the settings in the first pass. The second pass through this information produces the client certificates. You only need to change the commonName to the client name. In our case, We changed the commonName to jbibe. The third pass through this information produces the server certificates. You only need to change the commonName to the server name. In our case, we changed the commonName to micron.

----- Example -------------------------------------------

...

# req_extensions = v3_req

airPoint™ Nexus User Configuration Guide

Page 45 of 55

 

Page 44 Page 46
Image 45
Page 44 Page 46
Contents Version AirPoint Nexus SB3210Table of Contents About This Document Overview of User GuideRelated Publications Technical Support Center AirPoint Nexus Configuration Features IntroductionSystem Requirements Pre-Installation Checklist for airPoint ChecklistsParameters Units Site a Site B Economical One radio model sB3210Signature of Engineer Name Date Rssi Post-Installation Checklist for airPointChecklist Parameters Units Site a Site B User Login and License Agreement AirPoint ConfigurationLicense Agreement Description of Parameters Descriptions Web GUI Administrator Password ChangeNavigation Menu Bar Using the Configuration PagesDescription of Menus Menu Item Menu Sub-items Editable Boxes for Parameter EditingNone Menu Item Menu Sub-items DescriptionWEP Only Internal ACLTools Help AirPoint Bridge Configuration Parameters Ethernet ConfigurationsWireless Configuration Wireless Settings Items Descriptions AirPoint Bridge Wireless SettingsRadio Protocol Items DescriptionsRadio Protocol Parameters AirPoint Bridge Performance Settings Bridge Configuration Configuring Spanning Tree Protocol STPDefault STP Values Setting Default Value Range Purpose Setting Default Value Range Purpose T e l l i g e n t R e l e s s A t f o r m 11 Bridge Configuration WEP only Wireless Equivalent Privacy SecurityWDS Table T e l l i g e n t R e l e s s A t f o r m Internal ACL with WEP disabled External ACL Radius & Internal ACL WPA-Radius External ACLRadius & Internal ACLWPA radius Traffic Statistics Traffic StatisticsTools System ConfigurationSnmp Security System Configuration DescriptionsSnmp Security Configuration Reset OptionsDelayed Reset NTP Time Server SetupProfile Manager NTP Time SettingsProfile Manager Menu Items Save ProfileProfile Calendar Load Operating ProfilePing Test Result Link TestThroughput Test Result Link Budget Planning10 Link Budget Planning Calculator Link Budget AirPoint Nexus Firmware Upgrade Firmware UpgradeSuccessful upgrade pop-up window Appendix a Configuration of the Radius Server Produce Certificates T e l l i g e n t R e l e s s A t f o r m Configure Server for TLS Install Windows XP Certificates and Setup Client for TLS Test TLS Change Windows XP for Peap Abbreviations Acronyms Appendix B Useful terms and definitionsWPA Snmp Appendix C Snmp Trap Appendix D License
Top Page Image Contents