[PATCH 2/2] hs20: Update hs20 server notes file.

greearb at candelatech.com greearb
Mon Mar 23 11:05:43 PDT 2015

From: Ben Greear <greearb at candelatech.com>

Include example hostapd-radius config file for the OSEN radius
server.  Show example of how to use the ca/setup.sh script to
generate keys.

Show how to start the OCSP responder and generate the OCSP cache.

Signed-off-by: Ben Greear <greearb at candelatech.com>
 hs20/server/hs20-osu-server.txt | 53 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)

diff --git a/hs20/server/hs20-osu-server.txt b/hs20/server/hs20-osu-server.txt
index 80985f7..1557248 100644
--- a/hs20/server/hs20-osu-server.txt
+++ b/hs20/server/hs20-osu-server.txt
@@ -100,6 +100,19 @@ sqlite3 /home/user/hs20-server/AS/DB/eap_user.db < sql-example.txt
 # the examples as-is for initial testing).
 cp -r www /home/user/hs20-server
+# Build local keys and certs
+cd ca
+# Display help options.
+./setup.sh -h
+# Remove old keys, fill in appropriate values, and generate your keys.  For instance:
+rm -fr rootCA"
+./setup.sh -C "Hotspot 2.0 Trust Root CA - CT" -d $old_hostname \
+   -I "Hotspot 2.0 Intermediate CA - CT" -o $old_hostname-osu-client \
+   -O $old_hostname-oscp -p lanforge -S $old_hostname -V $old_hostname-osu-revoked \
+   -m local -u http://$old_hostname:8888/
 # Configure subscription policies
 mkdir -p /home/user/hs20-server/spp/policy
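Review bot: The added line `rm -fr rootCA"` ends with an unmatched double quote, so a reader pasting these steps gets a shell that waits for the closing quote and swallows the following `./setup.sh` lines into the string; drop the quote. In the same block `$old_hostname` is used unquoted and is not set anywhere in the lines shown, so say what it must hold (or use a literal example hostname), because an empty value turns `-d`, `-S` and the `-u http://$old_hostname:8888/` URL into bad arguments. `-O $old_hostname-oscp` also looks like a typo for `ocsp`.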
@@ -128,6 +141,7 @@ EOF
 # Configure RADIUS authentication service
 # Note: Change the URL to match the setup
 # Note: Install AAA server key/certificate and root CA in Key directory
+# NOTE: ca.pem is a copy of the hs20-server/ca/ca.pem file
 cat > /home/user/hs20-server/AS/as-sql.conf <<EOF
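Review bot: The new `# NOTE: ca.pem is a copy of the hs20-server/ca/ca.pem file` comment says where ca.pem comes from but not where it has to end up. The comment just above refers to a "Key directory", so name the destination path or add the actual `cp` line so the step can be reproduced. The adjacent comments are written `# Note:`, so match that capitalization.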
@@ -156,6 +170,45 @@ cd /home/user/hs20-server/AS
 ./hostapd -B as-sql.conf
+OSEN Radius configuration notes.
+The OSEN RADIUS server config file should have the 'ocsp_stapling_response'
+configuration in it.  For example:
+# hostapd-radius config for the radius used by the OSEN AP
+# Run OCSP server:
+cd /home/user/hs20-server/ca
+# Update cache (This should be run periodically, but once will work for testing)
 Configure web server
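Review bot: On the added `# Update cache (This should be run periodically, but once will work for testing)` line, "periodically" gives no interval. A cached OCSP response carries its own validity period, so the note should tell the reader to refresh the cache more often than that period (for example from cron), otherwise a deployment that follows the testing shortcut ends up stapling a stale response. Minor: the heading `OSEN Radius configuration notes.` spells it `Radius` while the next added line uses `RADIUS`; pick one.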
