3.20.2010

Setting up the Mikrotik hotspot login with SSL for better security (Linux-based)

As one of the finishing steps of a Mikrotik setup, the connection to the Mikrotik hotspot needs to be encrypted.
This is very important because the Mikrotik authentication is integrated with RADIUS and LDAP, which can only use PAP (not CHAP). With PAP the login page sends the password itself rather than a CHAP hash, so it has to travel over an encrypted connection.
The steps are as follows:
A. Creating the SSL certificate on Linux
Creating the certificate requires OpenSSL, so install it first if it is not already present on the Linux system.
1. Create the key
# openssl genrsa -des3 -out hotspot.key 1024
Generating RSA private key, 1024 bit long modulus
……………….++++++
……++++++
e is 65537 (0x10001)
Enter pass phrase for hotspot.key:
Verifying - Enter pass phrase for hotspot.key:
--> the file hotspot.key will be created

2. Create the certificate request
# openssl req -new -key hotspot.key -out hotspot.csr
Enter pass phrase for hotspot.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:ID
State or Province Name (full name) [Berkshire]:DIY
Locality Name (eg, city) [Newbury]:Yogyakarta
Organization Name (eg, company) [My Company Ltd]:UII
Organizational Unit Name (eg, section) []:.
Common Name (eg, your name or your server's hostname) []:uiiaccess.uii.ac.id
Email Address []:kusprayitna@staff.uii.ac.id
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:Badan Sistem Informasi
--> the file hotspot.csr will be created from hotspot.key
3. Create a self-signed certificate
# openssl x509 -req -days 10000 -in hotspot.csr -signkey hotspot.key -out hotspot.crt
Signature ok
subject=/C=ID/ST=DIY/L=Yogyakarta/O=UII/CN=uiiaccess.uii.ac.id/emailAddress=kusprayitna@staff.uii.ac.id
Getting Private key
Enter pass phrase for hotspot.key:
--> the SSL certificate file hotspot.crt will be created from the results of steps 1 and 2
4. Upload the files hotspot.key and hotspot.crt to the Mikrotik router using FTP
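A check worth running before the upload in step 4, as an added example that is not part of the original post: it repeats steps 1-3 without the prompts and then verifies that hotspot.key and hotspot.crt belong together, that the certificate names the hotspot host and has not expired, and that the RSA key is at least 2048 bits (the 1024-bit key generated above is shorter than current guidance accepts). The host name, passphrase, 365-day lifetime and 2048-bit threshold are assumptions.

```sh
#!/bin/sh
# Added example. File names follow the post; the host name, passphrase and
# the 2048-bit minimum are assumptions. The key passphrase is read from the
# KEYPASS environment variable, which must be set and exported.

# make_pair DIR CN BITS: steps 1-3 of the post without the interactive prompts.
make_pair() {
    openssl genrsa -des3 -passout env:KEYPASS -out "$1/hotspot.key" "$3" 2>/dev/null &&
    openssl req -new -key "$1/hotspot.key" -passin env:KEYPASS \
        -subj "/CN=$2" -out "$1/hotspot.csr" 2>/dev/null &&
    openssl x509 -req -days 365 -in "$1/hotspot.csr" -signkey "$1/hotspot.key" \
        -passin env:KEYPASS -out "$1/hotspot.crt" 2>/dev/null
}

# check_pair KEY CRT HOST: returns 0 if the pair is fit to import, otherwise
# 2 = unreadable file or wrong passphrase, 3 = key and certificate do not match,
# 4 = host name mismatch, 5 = expired, 6 = RSA key shorter than 2048 bits.
check_pair() {
    # Compare the public key derived from the private key with the one in the cert.
    kpub=$(openssl pkey -in "$1" -passin env:KEYPASS -pubout 2>/dev/null) || return 2
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$kpub" = "$cpub" ] || return 3
    # The name clients will type must be the name in the certificate.
    openssl x509 -in "$2" -noout -checkhost "$3" | grep -q 'does match' || return 4
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null || return 5
    bits=$(openssl x509 -in "$2" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || return 6
}

# Demonstration on a throwaway pair (constructed host name and passphrase).
KEYPASS='constructed-passphrase'; export KEYPASS
demo=$(mktemp -d)
make_pair "$demo" hotspot.example.test 2048
check_pair "$demo/hotspot.key" "$demo/hotspot.crt" hotspot.example.test &&
    echo "pair OK: ready to upload"
rm -rf "$demo"
```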
B. Installing the certificate on Mikrotik
1. Open the Mikrotik terminal and import the certificate:
/certificate import file-name=hotspot.crt
passphrase:
certificates-imported: 1
private-keys-imported: 0
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0

/certificate import file-name=hotspot.key
passphrase:
certificates-imported: 0
private-keys-imported: 1
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0
2. View the result of the import
/certificate print
Flags: K - decrypted-private-key, Q - private-key, R - rsa, D - dsa
0 KR name="cert1" subject=C=ID,ST=DIY,L=Yogyakarta,O=UII,CN=uiiaccess.uii.ac.id,
emailAddress=kusprayitna@staff.uii.ac.id
issuer=C=ID,ST=DIY,L=Yogyakarta,O=UII,CN=uiiaccess.uii.ac.id,
emailAddress=kusprayitna@staff.uii.ac.id
serial-number="C085DEEAA752A0EF" email=kusprayitna@staff.uii.ac.id
invalid-before=mar/09/2010 18:07:36 invalid-after=jul/25/2037 18:07:36
ca=yes
3. Set the www-ssl service to use the certificate cert1 that was just imported
/ip service set www-ssl certificate=cert1
4. If www-ssl is still disabled, enable it
/ip service set www-ssl disabled=no

5. Set the hotspot server profile so that it can be reached over https with the certificate cert1
