This is very important because, when MikroTik authentication is integrated with RADIUS and LDAP, only PAP can be used (not CHAP), and PAP sends the password in plain text, so the hotspot login page should be served over HTTPS.
The steps are:
A. Creating an SSL certificate on Linux
Creating a certificate requires the OpenSSL application, so if it is not yet present on the Linux system, OpenSSL must be installed.
1. Create the key
# openssl genrsa -des3 -out hotspot.key 1024   -> creates the file hotspot.key
Generating RSA private key, 1024 bit long modulus
..................++++++
......++++++
e is 65537 (0x10001)
Enter pass phrase for hotspot.key: <password>
Verifying - Enter pass phrase for hotspot.key: <repeat password>
2. Create the certificate request
# openssl req -new -key hotspot.key -out hotspot.csr
Enter pass phrase for hotspot.key:   -> creates the file hotspot.csr from hotspot.key
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:ID
State or Province Name (full name) [Berkshire]:DIY
Locality Name (eg, city) [Newbury]:Yogyakarta
Organization Name (eg, company) [My Company Ltd]:UII
Organizational Unit Name (eg, section) []:.
Common Name (eg, your name or your server's hostname) []:uiiaccess.uii.ac.id
Email Address []:kusprayitna@staff.uii.ac.id
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:<password>
An optional company name []:Badan Sistem Informasi
3. Create the self-signed certificate
# openssl x509 -req -days 10000 -in hotspot.csr -signkey hotspot.key -out hotspot.crt
Signature ok
subject=/C=ID/ST=DIY/L=Yogyakarta/O=UII/CN=uiiaccess.uii.ac.id/emailAddress=kusprayitna@staff.uii.ac.id
Getting Private key
Enter pass phrase for hotspot.key: <password>   -> creates the SSL certificate file hotspot.crt from the results of steps 1 and 2
4. Upload the files hotspot.key and hotspot.crt to the MikroTik router using FTP
B. Installing the certificate on MikroTik
1. Open the MikroTik terminal and import the certificate and key:
/certificate import file-name=hotspot.crt
passphrase: <password>
certificates-imported: 1
private-keys-imported: 0
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0
/certificate import file-name=hotspot.key
passphrase: <password>
certificates-imported: 0
private-keys-imported: 1
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0
2. View the import result
/certificate print
Flags: K - decrypted-private-key, Q - private-key, R - rsa, D - dsa
0 KR name="cert1" subject=C=ID,ST=DIY,L=Yogyakarta,O=UII,CN=uiiaccess.uii.ac.id,
emailAddress=kusprayitna@staff.uii.ac.id
issuer=C=ID,ST=DIY,L=Yogyakarta,O=UII,CN=uiiaccess.uii.ac.id,
emailAddress=kusprayitna@staff.uii.ac.id
serial-number="C085DEEAA752A0EF" email=kusprayitna@staff.uii.ac.id
invalid-before=mar/09/2010 18:07:36 invalid-after=jul/25/2037 18:07:36
ca=yes
3. Set the www-ssl service to use the cert1 certificate that was just imported
/ip service set www-ssl certificate=cert1
4. If www-ssl is still disabled, enable it
/ip service set www-ssl disabled=no
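The three OpenSSL steps of section A, followed by the checks worth running before the upload in step A.4 and after section B, as an added shell example that is not from the original post. It assumes openssl is on the PATH; the passphrase, the output directory and the hypothetical check_router_tls hostname argument are placeholders, and the subject DN is the one shown above. It departs from the post in two labelled places: the key is 2048 bits rather than 1024, since 1024-bit RSA is no longer considered adequate, and the DN and passphrase are passed on the command line instead of typed at the prompts.

```shell
#!/bin/sh
# Added example (not from the original post): non-interactive version of
# steps A.1-A.3 plus local sanity checks on the resulting key/certificate pair.
# Assumptions: openssl on PATH; writable output directory; placeholder values
# for the passphrase and directory below.
set -e

CERT_DIR="${CERT_DIR:-$(mktemp -d)}"
KEY="$CERT_DIR/hotspot.key"
CSR="$CERT_DIR/hotspot.csr"
CRT="$CERT_DIR/hotspot.crt"
# Constructed placeholder passphrase; override with PASSPHRASE=... in the environment
PASS="${PASSPHRASE:-changeme-placeholder}"
# Subject DN from the post; the CN must be the hostname clients see in the login URL
SUBJ="/C=ID/ST=DIY/L=Yogyakarta/O=UII/CN=uiiaccess.uii.ac.id/emailAddress=kusprayitna@staff.uii.ac.id"

# Step 1: passphrase-protected RSA key (2048 bits here; the post uses 1024)
make_key() {
    openssl genrsa -des3 -passout "pass:$PASS" -out "$KEY" 2048 2>/dev/null
}

# Step 2: certificate request from the key, DN supplied with -subj
make_csr() {
    openssl req -new -key "$KEY" -passin "pass:$PASS" -subj "$SUBJ" -out "$CSR"
}

# Step 3: self-signed certificate, 10000 days as in the post
make_cert() {
    openssl x509 -req -days 10000 -in "$CSR" -signkey "$KEY" \
        -passin "pass:$PASS" -out "$CRT" 2>/dev/null
}

build_all() {
    make_key && make_csr && make_cert
}

# Check: the public key inside the certificate must be the one derived from
# hotspot.key, otherwise RouterOS will not pair them into one "KR" entry.
key_matches_cert() {
    k=$(openssl pkey -in "$KEY" -passin "pass:$PASS" -pubout -outform DER | openssl sha256)
    c=$(openssl x509 -in "$CRT" -pubkey -noout | openssl pkey -pubin -pubout -outform DER | openssl sha256)
    [ "$k" = "$c" ]
}

# Check: print the CN so it can be compared with the hotspot DNS name
cert_cn() {
    openssl x509 -in "$CRT" -noout -subject -nameopt RFC2253 | sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Check: a self-signed certificate has issuer equal to subject
is_self_signed() {
    s=$(openssl x509 -in "$CRT" -noout -subject)
    i=$(openssl x509 -in "$CRT" -noout -issuer)
    [ "${s#subject=}" = "${i#issuer=}" ]
}

# Optional live check after section B (hypothetical usage, needs network access,
# not invoked here): does the router's www-ssl service serve the same certificate?
check_router_tls() {
    host="$1"
    served=$(echo | openssl s_client -connect "$host:443" -servername "$host" 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256)
    local_fp=$(openssl x509 -in "$CRT" -noout -fingerprint -sha256)
    [ "$served" = "$local_fp" ]
}

build_all && key_matches_cert && is_self_signed \
    && echo "hotspot.key and hotspot.crt ready in $CERT_DIR (CN=$(cert_cn))"
```

After the script finishes, upload hotspot.key and hotspot.crt from $CERT_DIR as in step A.4; once section B is done, `check_router_tls uiiaccess.uii.ac.id` confirms that the router is serving the certificate that was uploaded rather than an older or default one. Because the certificate is self-signed, browsers will still warn on the hotspot login page unless it is installed as trusted on the clients: it protects the PAP password on the wire, but on its own it does not let users distinguish the real portal from an impostor page.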