aboutsummaryrefslogtreecommitdiffstats
path: root/hs20
diff options
context:
space:
mode:
authorJouni Malinen <jouni@codeaurora.org>2018-12-03 22:15:04 (GMT)
committerJouni Malinen <j@w1.fi>2018-12-03 22:34:10 (GMT)
commitd726f4da547e943216bb6ba8b79d51fc015e03e1 (patch)
tree0742836960c72e6e8eaa771a6de183d64c430dab /hs20
parent2166651b0c262248fa64c22a2426b6c9cff94ca2 (diff)
downloadhostap-d726f4da547e943216bb6ba8b79d51fc015e03e1.zip
hostap-d726f4da547e943216bb6ba8b79d51fc015e03e1.tar.gz
hostap-d726f4da547e943216bb6ba8b79d51fc015e03e1.tar.bz2
HS 2.0 server: Document client certificate related Apache configuration
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Diffstat (limited to 'hs20')
-rw-r--r--hs20/server/hs20-osu-server.txt5
1 files changed, 5 insertions, 0 deletions
diff --git a/hs20/server/hs20-osu-server.txt b/hs20/server/hs20-osu-server.txt
index 70f1313..22478ad 100644
--- a/hs20/server/hs20-osu-server.txt
+++ b/hs20/server/hs20-osu-server.txt
@@ -228,12 +228,17 @@ Add following block just before "SSL Engine Switch" line":
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Require all granted
+ SSLOptions +StdEnvVars
</Directory>
Update SSL configuration to use the OSU server certificate/key.
They keys and certs are called 'server.key' and 'server.pem' from
ca/setup.sh.
+To support subscription remediation using client certificates, set
+"SSLVerifyClient optional" and configure the trust root CA(s) for the
+client certificates with SSLCACertificateFile.
+
Enable default-ssl site and restart Apache2:
sudo a2ensite default-ssl
sudo a2enmod ssl