Ini sangat penting karena dengan integrasi otentifikasi mikrotik dengan radius dan LDAP yang hanya bisa PAP (tidak bisa CHAP).
Tahapan yang dilakukan yaitu :
A. Membuat sertifikat SSL di OS Linux
Untuk dapat membuat sertifikat diperlukan aplikasi openSSL, maka apabila di OS Linux belum ada diperlukan instalasi openSSL.
1. membuat key
# openssl genrsa -des3 -out hotspot.key 1024
Generating RSA private key, 1024 bit long modulus–> akan dibuat file hotspot.key
……………….++++++
……++++++
e is 65537 (0×10001)
Enter pass phrase for hotspot.key:
Verifying - Enter pass phrase for hotspot.key:
2. Membuat request key
# openssl req -new -key hotspot.key -out hotspot.csr
Enter pass phrase for hotspot.key:–> akan dibuat file hotspot.csr berdasar hotspot.key
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [GB]:ID
State or Province Name (full name) [Berkshire]:DIY
Locality Name (eg, city) [Newbury]:Yogyakarta
Organization Name (eg, company) [My Company Ltd]:UII
Organizational Unit Name (eg, section) []:.
Common Name (eg, your name or your server’s hostname) []:uiiaccess.uii.ac.id
Email Address []:kusprayitna@staff.uii.ac.id
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:Badan Sistem Informasi
3. Membuat certifikat sendiri
# openssl x509 -req -days 10000 -in hotspot.csr -signkey hotspot.key -out hotspot.crt
Signature ok–> akan dibuat file sertifikat ssl hotspot.crt berdasar point 1 dan 2
subject=/C=ID/ST=DIY/L=Yogyakarta/O=UII/CN=uiiaccess.uii.ac.id/emailAddress=kusprayitna@staff.uii.ac.id
Getting Private key
Enter pass phrase for hotspot.key:
4. Upload file hotspot.key dan hotspot.crt ke server router mikrotik dengan menggunakan FTP
B. Instalasi sertifikat di mikrotik
1. Masuk ke terminal mikrotik dan import sertifikat :
/certificate import file-name=hotspot.crt2. Lihat hasil import
passphrase:
certificates-imported: 1
private-keys-imported: 0
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0
/certificate import file-name=hotspot.key
passphrase:
certificates-imported: 0
private-keys-imported: 1
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0
/certificate print7. Set koneksi www-ssl dengan sertifikat cert1 yang barusan di import
Flags: K - decrypted-private-key, Q - private-key, R - rsa, D - dsa
0 KR name=”cert1″ subject=C=ID,ST=DIY,L=Yogyakarta,O=UII,CN=uiiaccess.uii.ac.id
,
emailAddress=kusprayitna@staff.uii.ac.id
issuer=C=ID,ST=DIY,L=Yogyakarta,O=UII,CN=uiiaccess.uii.ac.id,
emailAddress=kusprayitna@staff.uii.ac.id
serial-number=”C085DEEAA752A0EF” email=kusprayitna@staff.uii.ac.id
invalid-before=mar/09/2010 18:07:36 invalid-after=jul/25/2037 18:07:36
ca=yes
/ip service set www-ssl certificate=cert18. Jika masih disable www=ssl maka aktifkan
/ip service set www-ssl disabled=no
9. Set server profile hotspot dapat terhubung dengan https dengan sertifikat cert1
Tidak ada komentar:
Posting Komentar