Antamedia HotSpot Manual
   
SSL Certificate Setup

Introduction

This document has been compiled to assist in the configuration of a valid SSL certificate issued by a recognized Certificate Authority (CA) for use with the Hotspot software by Antamedia. It is assumed that OpenSSL is installed on your system. It is also assumed that you have registered a domain name for your hotspot and that its DNS has been configured to point to the IP address of your hotspot server.

To begin the process, a Certificate Signing Request (CSR) must be sent to a Certificate Authority (CA) to be signed. Once signed, a certificate will be returned to you. Be sure to check with the CA in question for any instructions not covered here. This process has been successfully tested on Windows XP using a FreeSSL 1 month test certificate provided by RapidSSL.com. The procedure is the same for RapidSSL's commercial products and should be very similar with other CAs.

1. Generate a private RSA key

Run OpenSSL and at the command line prompt, enter:

OpenSSL> genrsa -out host.key 1024

A file named host.key will be generated in the same directory as the 'OpenSSL' command line program. Keep this file safe! Without it, your certificate can't work and you'll have to order a new one. This file is your private RSA host key and should not be sent anywhere.

2. Generate a CSR

OpenSSL> req -new -nodes -key host.key -out host.csr

Enter the requested information when prompted. Be sure to use the correct 2-letter country code. When prompted for the x509 Common Name attribute, enter the fully qualified hostname (domain name) the certificate will be used with. Please note, this MUST be the exact domain name being used for the hotspot server, i.e. the domain should resolve to the IP address of your hotspot server.

Common Name (eg, YOUR name) []:www.yourhotspot.com

where www.yourhotspot.com is the domain name of your hotspot. The e-mail address you provide will likely be used by the CA to deliver your certificate. Leave any subsequent attributes blank, unless the CA requests something be set in them. Upon completion of this step, a file named host.csr will be created in the same directory.

3. Deliver the CSR data to the CA

The contents of the host.csr file must be submitted to the CA, though the method will vary. The procedure with RapidSSL is to copy/paste the contents of the host.csr file into their web order form. It is then up to the CA to return the certificate data. Most CAs will require some form of authentication. RapidSSL uses an automated phone system which calls and prompts you to enter the digits on your computer screen. You must also confirm you have admin access to your domain name. Other CAs may have further requirements.

4. Setup Files for use with Antamedia Hotspot

Once the certificate has arrived from the CA (usually via email), copy/paste the certificate into a text file and name the text file AHRootCert.pem. Rename the host.key file that was generated at the beginning to AHRootKey.pem. Finally, obtain the Root Certificate file, which should be provided as a download from your CA; for the FreeSSL test certificate this is the FreeSSL Root Certificate (Base-64 encoded X.509) from RapidSSL. Rename the downloaded Root Certificate file to AHRoot.pem. Now place all three files (AHRootCert.pem, AHRootKey.pem, AHRoot.pem) at the root level of the Hotspot installation folder (replacing the existing files).

Launch Hotspot and log in as administrator. Go to SETUP->Credit Cards->SSL Setup and enter the domain name of your hotspot server (omit the https:// and enter just the domain). Please note, this must be the exact domain name used on the certificate and must resolve to the IP address of the hotspot server. Save, connect to the hotspot and test the certificate.
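Before copying the files into the Hotspot folder, it is worth confirming that the key, the CSR and the returned certificate belong together and that the Common Name is the domain you will enter in SSL Setup. The script below is an added example, not part of the original manual or of Antamedia's software; it assumes a Unix-style shell with the openssl binary on the PATH (rather than the interactive OpenSSL> prompt), and its function names are hypothetical. The demo generates a throwaway 2048-bit key and a self-signed certificate as a constructed stand-in for the CA's reply; 2048 bits is used because publicly trusted CAs no longer sign 1024-bit RSA keys.

```shell
#!/bin/sh
# Added example: pre-install checks for the Hotspot PEM files.
# Function names are hypothetical; file names follow the manual.

# Print the RSA modulus of a key, CSR or certificate (kind: rsa|req|x509).
modulus() { openssl "$1" -in "$2" -noout -modulus 2>/dev/null | sed 's/^Modulus=//'; }

# Key length in bits, derived from the length of the hex modulus.
key_bits() { m=$(modulus rsa "$1"); echo $(( ${#m} * 4 )); }

# Common Name from a CSR (RFC 2253 formatting keeps the parsing stable).
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# check_set KEY CSR CERT DOMAIN: succeed only if all three share one key pair
# and the CSR's Common Name is exactly DOMAIN.
check_set() {
    k=$(modulus rsa "$1"); r=$(modulus req "$2"); c=$(modulus x509 "$3")
    [ -n "$k" ] || { echo "cannot read key $1"; return 1; }
    [ "$k" = "$r" ] || { echo "CSR was not made from this key"; return 1; }
    [ "$k" = "$c" ] || { echo "certificate does not match this key"; return 1; }
    [ "$(csr_cn "$2")" = "$4" ] || { echo "Common Name is not $4"; return 1; }
    echo "ok: $(key_bits "$1")-bit key, CSR and certificate match for $4"
}

# Constructed stand-in for the CA round trip: a throwaway key and CSR, plus a
# self-signed certificate in place of the one a CA would return.
make_test_set() {
    openssl genrsa -out "$1/host.key" "$2" 2>/dev/null
    openssl req -new -key "$1/host.key" -subj "/CN=$3" -out "$1/host.csr"
    openssl x509 -req -in "$1/host.csr" -signkey "$1/host.key" -days 1 \
        -out "$1/AHRootCert.pem" 2>/dev/null
}

# Demo on constructed files; nothing here touches a real key.
dir=$(mktemp -d)
make_test_set "$dir" 2048 www.yourhotspot.com
check_set "$dir/host.key" "$dir/host.csr" "$dir/AHRootCert.pem" www.yourhotspot.com
rm -rf "$dir"
```

For the real files, call check_set with AHRootKey.pem (the renamed host.key), host.csr, AHRootCert.pem and your hotspot's domain name.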

This document has been adapted from:

http://sial.org/howto/openssl/csr/

by Marc Smith (marcsmith@mac.com)

12/18/2006 initial release
06/06/2007 clarified domain name configuration within Hotspot
06/13/2007 modified commands as they should be entered using OpenSSL under Windows XP

©2001-2007 Antamedia