B2G/QA/Tips And Tricks: Difference between revisions

Line 581: Line 581:
* Steps to enable EAP-TLS
* Steps to enable EAP-TLS
** 1. Generate CA files
** 1. Generate CA files
  $ cd /usr/lib/ssl/misc/
      $ cd /usr/lib/ssl/misc/
  $ su
      $ su
  $ ./CA.pl -newca, follow the steps to generate certificate in ./demoCA directory
      $ ./CA.pl -newca, follow the steps to generate certificate in ./demoCA directory
** 2. Generate server side certificate
** 2. Generate server side certificate
  $ openssl req -new -nodes -keyout srv_key.pem -out srv_req.pem -config ../openssl.cnf  
      $ openssl req -new -nodes -keyout srv_key.pem -out srv_req.pem -config ../openssl.cnf  
  $ openssl ca -config ../openssl.cnf -policy policy_anything -out srv_cert.pem -infiles ./srv_req.pem
      $ openssl ca -config ../openssl.cnf -policy policy_anything -out srv_cert.pem -infiles ./srv_req.pem
  $ cat srv_key.pem srv_cert.pem > srv_keycert.pem
      $ cat srv_key.pem srv_cert.pem > srv_keycert.pem
** 3. Generate client side certificate
** 3. Generate client side certificate
  $ openssl req -new -keyout cli_key.pem -out cli_req.pem -config ../openssl.cnf
      $ openssl req -new -keyout cli_key.pem -out cli_req.pem -config ../openssl.cnf
  $ openssl ca -config ../openssl.cnf -policy policy_anything -out cli_cert.pem -infiles ./cli_req.pem
      $ openssl ca -config ../openssl.cnf -policy policy_anything -out cli_cert.pem -infiles ./cli_req.pem
  $ openssl pkcs12 -export -in cli_cert.pem -inkey cli_key.pem -out cli_cert.p12 -clcerts
      $ openssl pkcs12 -export -in cli_cert.pem -inkey cli_key.pem -out cli_cert.p12 -clcerts
** 4. Generate 2 required files that TLS needs
** 4. Generate 2 required files that TLS needs
  $ openssl dhparam -check -text -5 512 -out dh
      $ openssl dhparam -check -text -5 512 -out dh
  $ dd if=/dev/urandom of=random count=2
      $ dd if=/dev/urandom of=random count=2
** 5. put srv_keycert.pem in default cert directory of freeraidus. In this example, the directory is /etc/freeradius/certs
** 5. put srv_keycert.pem in default cert directory of freeraidus. In this example, the directory is /etc/freeradius/certs
** 6. put cacert.pem in default cert directory of freeraidus. In this example, the directory is /etc/freeradius/certs
** 6. put cacert.pem in default cert directory of freeraidus. In this example, the directory is /etc/freeradius/certs
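Review bot: Step 4's "openssl dhparam -check -text -5 512 -out dh" produces 512-bit DH parameters, which is export-grade strength and within reach of precomputation attacks; since this revision re-indents the line anyway, raise the size to at least 2048. In step 2, -nodes writes srv_key.pem unencrypted and the commands run as root, so the page should say that srv_keycert.pem must be readable only by the account that runs freeradius once it is copied in step 5. Steps 5 and 6 still spell the server name "freeraidus" in the new revision.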
Line 606: Line 606:
       random_file = ${certdir}/random (the output of STEP 4)
       random_file = ${certdir}/random (the output of STEP 4)
** 9. Restart freeradius server
** 9. Restart freeradius server
    $ sudo /usr/sbin/freeradius -X
      $ sudo /usr/sbin/freeradius -X
** 10. Configure Android Device to Test EAP-TLS
      - $ adb push /usr/lib/ssl/misc/cli_cert.p12 /sdcard/Download (generate in STEP 3)
      - Goto Settings -> Location & Security -> Install from SD card on android device
      - Click on cli_cert.p12 file
      - Enter the password to extract the certificates when prompted


= Building Gecko/Gaia =
= Building Gecko/Gaia =
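Review bot: Step 10 installs only cli_cert.p12, and the pkcs12 export in step 3 is given no CA certificate to bundle, so the device has nothing to validate the RADIUS server against; add an item that also installs cacert.pem from step 1. The .p12 holds the client private key and /sdcard/Download is shared storage, so the list should end with deleting the file after import. Minor wording: "generate in STEP 3" should read "generated in STEP 3" and "Goto" should be "Go to".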