Getting started with HS20 r2 (OSU client/server and such?)

Ben Greear greearb
Sat Mar 21 08:46:29 PDT 2015

On 03/21/2015 07:34 AM, Jouni Malinen wrote:
> On Sat, Mar 21, 2015 at 04:28:59PM +0200, Jouni Malinen wrote:
>> On Tue, Mar 17, 2015 at 07:37:08PM -0700, Ben Greear wrote:
>>> Do you know where that osu-ca.pem comes from?
>> I was assuming the root CAs to be available somewhat on WFA public web
>> server. However, I'm not sure where..
> Actually, I just found it.. The three root CA certificates are included
> in Hotspot 2.0 (Release 2) Technical Specification Package v1.1.0. In
> addition, that package includes the SPP schema file (which needs to be
> copied to spp.xsd for hs20-osu-client).

I have a copy of those 3 certs, but I don't really know how to use them
at this point.

And, probably self-signed certs will be enough for my needs at this point.

But, any reason to not add these certs to hostapd/hs20/server/ca and allow
to use them when generating keys with command-line arg?  I figure if we can make
it somewhat easy to set up some HS20 test services then it should be good for anyone
trying to actually implement HS20 properly on the station side.  Looks to me like
there is quite a bit of work to be done by projects like NetworkManager and such?


Ben Greear <greearb at>
Candela Technologies Inc

More information about the Hostap mailing list