jeltz
/
hostap
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

HS 2.0 server: Document client certificate related Apache configuration 

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2018-12-04 00:15:04 +02:00 committed by Jouni Malinen
parent 2166651b0c
commit d726f4da54
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
hs20/server/hs20-osu-server.txt
View File

@ -228,12 +228,17 @@ Add following block just before "SSL Engine Switch" line":
Options Indexes MultiViews FollowSymLinks Options Indexes MultiViews FollowSymLinks
AllowOverride None AllowOverride None
Require all granted Require all granted
SSLOptions +StdEnvVars
</Directory> </Directory>
Update SSL configuration to use the OSU server certificate/key. Update SSL configuration to use the OSU server certificate/key.
They keys and certs are called 'server.key' and 'server.pem' from They keys and certs are called 'server.key' and 'server.pem' from
ca/setup.sh. ca/setup.sh.
To support subscription remediation using client certificates, set
"SSLVerifyClient optional" and configure the trust root CA(s) for the
client certificates with SSLCACertificateFile.
Enable default-ssl site and restart Apache2: Enable default-ssl site and restart Apache2:
sudo a2ensite default-ssl sudo a2ensite default-ssl
sudo a2enmod ssl sudo a2enmod ssl