May 2016
Run wpa_supplicant using
# -i eth7: interface to authenticate on; -D wired: wired Ethernet driver;
# -c: configuration file (it holds the credentials and key paths shown below,
# so keep it readable only by the user who runs the supplicant).
sudo wpa_supplicant -i eth7 -D wired -c /tmp/802/wpa_supplicant.conf
# wpa_supplicant.conf: test profile for wired 802.1X with EAP-MD5.
# EAP-MD5 does not authenticate the server and derives no keying material, and
# a captured challenge/response can be tested offline against a password list.
# Use it only to check that the port authenticates at all.

# ap_scan=0: wpa_supplicant does no scanning or AP selection (wired driver).
ap_scan=0
# eapol_version=2: EAPOL version from IEEE 802.1X-2004.
eapol_version=2
network={
	key_mgmt=IEEE8021X
	identity="test"
	# Placeholder credential from the page; replace before use on a real network.
	password="test"
	eap=MD5
}
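# Builds a throwaway test PKI: a self-signed CA plus one server and one client
# certificate, as used by the 802.1X / EAP-TLS configuration on this page.
#
# Security notes:
#  - Every private key is written unencrypted (-nodes) and the PKCS#12 bundles
#    use an empty password (-passout pass:), so anyone who can read this
#    directory can copy the keys. Keep the directory private and do not reuse
#    this CA outside a lab.
#  - ca.cnf, server.cnf, client.cnf and xpextensions are not shown here; key
#    size, digest, subject names and extensions come from those files.

DH_KEY_SIZE := 2048
CA_DEFAULT_DAYS := 3650

# Remove a half-written key or certificate when its recipe fails, so a
# truncated file is never mistaken for an up-to-date one.
.DELETE_ON_ERROR:

# Run serially even under `make -j`: the req recipes each write two files from
# one rule (key + request/certificate), and both `openssl ca` runs share the CA
# database (presumably index.txt and serial, as configured in the .cnf files).
.NOTPARALLEL:

.PHONY: all client ca server print printca

all: index.txt serial dh random server client ca

client: client.pem

ca: ca.der

server: server.pem

# Diffie-Hellman parameters (generator 2). `dhparam` replaces the obsolete
# `gendh` subcommand, which current OpenSSL releases no longer ship.
dh:
	openssl dhparam -out $@ -2 $(DH_KEY_SIZE)

# Create a new self-signed CA certificate.
# index.txt and serial only have to exist, so they are order-only prerequisites.
ca.key ca.pem: ca.cnf | index.txt serial
	openssl req -nodes -new -x509 -keyout ca.key -out ca.pem \
		-days $(CA_DEFAULT_DAYS) -config ./ca.cnf

# DER copy of the CA certificate.
ca.der: ca.pem
	openssl x509 -inform PEM -outform DER -in $< -out $@

# Create a new server certificate, signed by the above CA.
server.csr server.key: server.cnf
	openssl req -nodes -new -out server.csr -keyout server.key -config ./server.cnf

server.crt: server.csr ca.key ca.pem
	openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr -out $@ -extensions xpserver_ext -extfile xpextensions -config ./server.cnf

# server.key is read by the recipe, so it is listed as a prerequisite.
server.p12: server.crt server.key
	openssl pkcs12 -nodes -export -in server.crt -inkey server.key -out $@ -passout pass:

# PEM bundle extracted from the PKCS#12 file; it contains the private key.
server.pem: server.p12
	openssl pkcs12 -nodes -in $< -out $@ -passin pass:

# Create a new client certificate, signed by the above CA.
client.csr client.key: client.cnf
	openssl req -nodes -new -out client.csr -keyout client.key -config ./client.cnf

client.crt: client.csr ca.pem ca.key
	openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -out $@ -extensions xpclient_ext -extfile xpextensions -config ./client.cnf

# client.key is read by the recipe, so it is listed as a prerequisite.
client.p12: client.crt client.key
	openssl pkcs12 -nodes -export -in client.crt -inkey client.key -out $@ -passout pass:

# PEM bundle extracted from the PKCS#12 file; it contains the private key.
client.pem: client.p12
	openssl pkcs12 -nodes -in $< -out $@ -passin pass:

# Miscellaneous rules.

# Empty certificate database for `openssl ca`.
index.txt:
	@touch $@

# First serial number handed out by `openssl ca`.
serial:
	@echo '001' > $@

# Seed file. The fallback writes only a timestamp, which is predictable, so it
# is announced on stderr instead of passing silently.
random:
	@if [ -c /dev/urandom ] ; then \
		dd if=/dev/urandom of=./random count=10 >/dev/null 2>&1; \
	else \
		echo "warning: /dev/urandom not available; ./random holds only a timestamp and is NOT random" >&2; \
		date > ./random; \
	fi

# Inspection helpers: dump the server / CA certificate as text.
print:
	openssl x509 -text -in server.crt

printca:
	openssl x509 -text -in ca.pem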
# wpa_supplicant.conf: test profile for wired 802.1X with EAP-TLS, using the
# CA and client certificate built by the Makefile above.

# ap_scan=0: wpa_supplicant does no scanning or AP selection (wired driver).
ap_scan=0
# eapol_version=2: EAPOL version from IEEE 802.1X-2004.
eapol_version=2
network={
	key_mgmt=IEEE8021X
	identity="test"
	# NOTE(review): EAP-TLS authenticates with the certificate and key below;
	# password= looks like a leftover from the MD5 profile. Confirm it can be dropped.
	password="test"
	eap=TLS
	# CA used to verify the authentication server's certificate. Nothing here
	# restricts which server name is accepted; wpa_supplicant has subject_match
	# and domain_suffix_match for that.
	ca_cert="/tmp/802/ca.pem"
	client_cert="/tmp/802/client.pem"
	# The key was generated with -nodes (unencrypted), so no private_key_passwd
	# is set. /tmp is shared with other local users: keep /tmp/802 owned by and
	# readable only for the account running the test, or move the files elsewhere.
	private_key="/tmp/802/client.key"
}