Sabagai salah satu tahapan finishing setup mikrotik, maka diperlukan koneksi tersandi ke hotspot mikrotik.

Ini sangat penting karena dengan integrasi otentifikasi mikrotik dengan radius dan LDAP yang hanya bisa PAP (tidak bisa CHAP).

Tahapan yang dilakukan yaitu :

A. Membuat sertifikat SSL di OS Linux

Untuk dapat membuat sertifikat diperlukan aplikasi openSSL, maka apabila di OS Linux belum ada diperlukan instalasi openSSL.

1. membuat key
# openssl genrsa -des3 -out hotspot.key 1024

Generating RSA private key, 1024 bit long modulus
……………….++++++
……++++++
e is 65537 (0×10001)
Enter pass phrase for hotspot.key: <password>
Verifying - Enter pass phrase for hotspot.key: <ulangi password>
–> akan dibuat file hotspot.key

2. Membuat request key

# openssl req -new -key hotspot.key -out hotspot.csr
Enter pass phrase for hotspot.key:
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter ‘.’, the field will be left blank.
    —–
    Country Name (2 letter code) [GB]:ID
    State or Province Name (full name) [Berkshire]:DIY
    Locality Name (eg, city) [Newbury]:Yogyakarta
    Organization Name (eg, company) [My Company Ltd]:UII
    Organizational Unit Name (eg, section) []:.
    Common Name (eg, your name or your server’s hostname) []:uiiaccess.uii.ac.id
    Email Address []:kusprayitna@staff.uii.ac.id

    Please enter the following ‘extra’ attributes
    to be sent with your certificate request
    A challenge password []:<password>
    An optional company name []:Badan Sistem Informasi
–> akan dibuat file hotspot.csr berdasar hotspot.key

3. Membuat certifikat sendiri

# openssl x509 -req -days 10000 -in hotspot.csr -signkey hotspot.key -out hotspot.crt
Signature ok
subject=/C=ID/ST=DIY/L=Yogyakarta/O=UII/CN=uiiaccess.uii.ac.id/emailAddress=kusprayitna@staff.uii.ac.id
Getting Private key
Enter pass phrase for hotspot.key: <password>
–> akan dibuat file sertifikat ssl hotspot.crt berdasar point 1 dan 2

4. Upload file hotspot.key dan hotspot.crt ke server router mikrotik dengan menggunakan FTP

B. Instalasi sertifikat di mikrotik

1. Masuk ke terminal mikrotik dan import sertifikat :
/certificate import file-name=hotspot.crt
    passphrase: <password>
    certificates-imported: 1
    private-keys-imported: 0
    files-imported: 1
    decryption-failures: 0
    keys-with-no-certificate: 0

    /certificate import file-name=hotspot.key
    passphrase: <password>
    certificates-imported: 0
    private-keys-imported: 1
    files-imported: 1
    decryption-failures: 0
    keys-with-no-certificate: 0
2. Lihat hasil import
/certificate print
    Flags: K - decrypted-private-key, Q - private-key, R - rsa, D - dsa

    0 KR name=”cert1″ subject=C=ID,ST=DIY,L=Yogyakarta,O=UII,CN=uiiaccess.uii.ac.id
    ,
    emailAddress=kusprayitna@staff.uii.ac.id
    issuer=C=ID,ST=DIY,L=Yogyakarta,O=UII,CN=uiiaccess.uii.ac.id,
    emailAddress=kusprayitna@staff.uii.ac.id
    serial-number=”C085DEEAA752A0EF” email=kusprayitna@staff.uii.ac.id
    invalid-before=mar/09/2010 18:07:36 invalid-after=jul/25/2037 18:07:36
    ca=yes
7. Set koneksi www-ssl dengan sertifikat cert1 yang barusan di import
/ip service set www-ssl certificate=cert1
8. Jika masih disable www=ssl maka aktifkan
/ip service set www-ssl disabled=no

Sumber

0 komentar:

Post a Comment

 
Top