Infrastructure:Wireless


Information Mogul: Derek

Network[edit]

Equipment:

  • 1x Radius Server (cronos.reversespace.com)
  • 1x Wireless AP (hermes.reversespace.com)
  • 1x Certificate chain

SSID: ReverseSpace on channel 11 (auto, subject to change)

Protection: EAP-TLS


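Login requires a valid certificate signed by the Reversespace Root CA. Generate a key and a signing request with the command below, then submit the request file (my_request.req) to ManoftheSea. Only the request is submitted; the private key (privkey.pem) stays on your machine.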

openssl req -new -config openssl.cnf -out my_request.req

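When you get the signed certificate back, bundle it with your private key into a PKCS#12 file for Windows. The .p12 file contains your private key, so set an export password when prompted: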

openssl pkcs12 -export -in my_cert.pem -inkey privkey.pem -out my_cert.p12


openssl.cnf[edit]

###
# OpenSSL Config File
# Version 1.0
# dlahouss@gmail.com
# Request Generation
###

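# Default (unnamed) section: OpenSSL falls back to these values when the
# section a command reads (for example [ req ]) does not set the key itself.
# name_opt, cert_opt, default_days, preserve and policy are options of
# `openssl ca`; `openssl req` does not use them.
x509_extensions = usr_cert              # The extensions to add to the cert
name_opt        = usr_default           # Subject Name options
cert_opt        = usr_default           # Certificate field options
default_days    = 90                    # how long to certify for
# SHA-1 is no longer collision-resistant, so sign with SHA-256 instead.
# [ req ] sets no default_md of its own, so this value is the digest used
# to sign the certificate request.
default_md      = sha256                # which md to use.
preserve        = no                    # keep passed DN ordering
policy          = policy_match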

# For the CA policy
# Used by `openssl ca` when deciding whether to sign a request:
#   match    - the field must be present and equal to the CA certificate's value
#   supplied - the field must be present; any value is accepted
# localityName is not listed, so it is not checked here.
# Key order is kept as-is: with preserve = no the issued subject follows
# the order of this section.
[ policy_match ]
countryName             = match
stateOrProvinceName     = match
organizationName        = match
organizationalUnitName  = match
commonName              = supplied
emailAddress            = supplied

####################################################################
[ req ]
# Settings read by `openssl req` when it builds a certificate request.

# Size in bits of a newly generated RSA key.
default_bits = 2048
# File the new private key is written to. It is not part of the request
# and should stay on the requester's machine.
default_keyfile = privkey.pem
# Section that holds the subject-name prompts and their defaults.
distinguished_name = req_distinguished_name
# Section that holds optional request attributes.
attributes = req_attributes
# Extension section applied when req issues a self-signed certificate
# (-x509); a plain `req -new` request does not carry these extensions.
x509_extensions = usr_cert
# Limit subject strings to PrintableString/T61String (no BMPString or UTF8String).
string_mask = nombstr

# Subject-name fields that `openssl req` prompts for.
# For each field: the bare key is the prompt text, *_default is the value
# offered when the user just presses Enter, and *_min / *_max bound the
# accepted length. Fields are prompted in the order listed, so the order
# is left unchanged.
[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = US
# min = max = 2 forces exactly two characters.
countryName_min                 = 2
countryName_max                 = 2

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Virginia

localityName                    = Locality Name (eg, city)
localityName_default            = Herndon

# The "0." prefix is the OpenSSL convention that lets a field name be
# used more than once in a section; only one organizationName is defined here.
0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = ReverseSpace

organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = Infrastructure

# No default is given for commonName or emailAddress, so each requester
# types their own value; [ policy_match ] marks both as "supplied".
commonName                      = Common Name (eg, YOUR name)
commonName_max                  = 64

emailAddress                    = Email Address
emailAddress_max                = 64

# No request attributes are defined; the section exists because
# [ req ] references it through its attributes key.
[ req_attributes ]


[ usr_cert ]
# Extensions for an end-entity (non-CA) certificate. The signing CA's own
# configuration decides which extensions end up in the issued certificate.

# The certificate cannot be used to sign other certificates.
basicConstraints = CA:FALSE
# Legacy Netscape certificate-type extension.
# NOTE(review): email and objsign are broader than a Wi-Fi client login
# needs - confirm they are wanted.
nsCertType = client, email, objsign
# 1.3.6.1.5.5.7.3.2 is id-kp-clientAuth (TLS client authentication), the
# usage a client certificate presents for EAP-TLS.
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
# NOTE(review): nonRepudiation is not needed for client authentication -
# confirm it is intended.
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"

# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer

Root CA[edit]

-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----