http://wiki.ampr.org/index.php/Services
Does anyone know if OH7LZB ever documented anywhere how to set up the server end of the OpenVPN that validates using the LoTW CA? Others might like to add the same functionality to their gateway server(s).
On 17.10.2015 at 20:48, Steve L wrote:
Does anyone know if OH7LZB ever documented anywhere how to set up the server end of the OpenVPN that validates using the LoTW CA?
I would be interested in particular which of the three different LoTW Root CAs are being used. I suspect my problems could come from having my cert signed by a different one than the tunnel is verifying against.
oe1rsa
On Mon, 19 Oct 2015, Roland Schwarz wrote:
On 17.10.2015 at 20:48, Steve L wrote:
Does anyone know if OH7LZB ever documented anywhere how to set up the server end of the OpenVPN that validates using the LoTW CA?
The server end is stock openvpn, so you may use the openvpn config instructions / documentation to set it up. Nothing fancy.
I would be interested in particular which of the three different LoTW Root CAs are being used. I suspect my problems could come from having my cert signed by a different one than the tunnel is verifying against.
Hmm, they have multiple roots? The one I have has:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 16695542736414145637 (0xe7b27ba978517c65)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=CT, L=Newington, O=American Radio Relay League, OU=Logbook of the World, CN=Logbook of the World Root CA, DC=arrl.org/emailAddress=lotw@arrl.org
        Validity
            Not Before: Sep 15 16:31:12 2010 GMT
            Not After : Sep 12 16:31:12 2020 GMT
        Subject: C=US, ST=CT, L=Newington, O=American Radio Relay League, OU=Logbook of the World, CN=Logbook of the World Root CA, DC=arrl.org/emailAddress=lotw@arrl.org
            X509v3 Subject Key Identifier:
                AE:00:0C:A4:88:83:B9:90:F5:CD:38:CC:E8:54:68:F4:4B:54:A1:EC
The client must be configured to provide the intermediate certificate.
- Hessu
On 19.10.2015 at 17:54, Heikki Hannikainen wrote:
Hmm, they have multiple roots? The one I have has:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 16695542736414145637 (0xe7b27ba978517c65)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=CT, L=Newington, O=American Radio Relay League, OU=Logbook of the World, CN=Logbook of the World Root CA, DC=arrl.org/emailAddress=lotw@arrl.org
        Validity
            Not Before: Sep 15 16:31:12 2010 GMT
            Not After : Sep 12 16:31:12 2020 GMT
        Subject: C=US, ST=CT, L=Newington, O=American Radio Relay League, OU=Logbook of the World, CN=Logbook of the World Root CA, DC=arrl.org/emailAddress=lotw@arrl.org
            X509v3 Subject Key Identifier:
                AE:00:0C:A4:88:83:B9:90:F5:CD:38:CC:E8:54:68:F4:4B:54:A1:EC
This is another one:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 11364786056437220341 (0x9db7d4b48240c3f5)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=CT, L=Newington, O=American Radio Relay League, OU=Logbook of the World, CN=Logbook of the World Root CA, DC=arrl.org/emailAddress=lotw@arrl.org
        Validity
            Not Before: Sep 25 13:33:48 2009 GMT
            Not After : Sep 23 13:33:48 2019 GMT
        Subject: C=US, ST=CT, L=Newington, O=American Radio Relay League, OU=Logbook of the World, CN=Logbook of the World Root CA, DC=arrl.org/emailAddress=lotw@arrl.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:b6:fa:42:a7:c2:64:19:31:0d:ce:03:82:ff:70:
                    89:b1:df:cf:1f:76:06:ab:0a:2f:d7:16:2c:e4:e8:
                    47:55:3e:48:4d:52:a6:ae:e6:d1:c7:f5:be:b9:ce:
                    4d:42:7d:79:48:11:ba:fd:3e:6c:55:91:b0:9b:ed:
                    f9:9b:4c:63:7c:f0:e0:02:e3:ae:4c:cb:af:d1:32:
                    b8:24:d1:db:85:3f:f0:24:5c:5b:e0:44:fb:a5:e0:
                    54:cb:01:08:d0:cd:06:f3:21:36:98:b8:7f:aa:32:
                    02:39:6f:07:cb:c8:57:48:ef:99:20:73:dd:4d:bc:
                    8e:a6:b0:99:76:93:43:5f:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:AF:ED:4E:EE:59:FC:2F:27:50:B6:BC:C1:07:D6:0B:42:EA:55:F8
            X509v3 Authority Key Identifier:
                keyid:30:AF:ED:4E:EE:59:FC:2F:27:50:B6:BC:C1:07:D6:0B:42:EA:55:F8
                DirName:/C=US/ST=CT/L=Newington/O=American Radio Relay League/OU=Logbook of the World/CN=Logbook of the World Root CA/DC=arrl.org/emailAddress=lotw@arrl.org
                serial:9D:B7:D4:B4:82:40:C3:F5
            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption
        22:ac:5f:37:f4:fc:1b:96:5e:5b:e7:0a:28:29:57:2d:9b:bf:
        39:db:92:3d:67:74:a3:67:bc:69:cb:59:1a:27:f5:83:33:e0:
        d7:e7:69:1b:ed:ae:74:e7:28:ec:a3:b5:7b:53:cc:d3:87:4b:
        68:0d:ea:ce:09:06:84:73:26:b8:89:5e:bc:dc:f6:da:1e:c7:
        3c:fc:a9:fb:c9:9b:ed:9d:ac:88:28:aa:96:d2:cc:25:0c:db:
        f8:1a:20:63:ee:3a:99:b7:be:3b:b2:47:09:89:87:de:3a:0c:
        2e:0a:6a:47:ab:e7:68:7a:14:89:70:80:a2:c0:87:9a:cc:5b:
        83:4e
and this is the one my cert is signed off by:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9511335557794417475 (0x83ff0d4bede0cb43)
    Signature Algorithm: sha512WithRSAEncryption
        Issuer: C=US, ST=CT, L=Newington, O=American Radio Relay League, OU=Logbook of the World, CN=Logbook of the World Root CA, DC=arrl.org/emailAddress=lotw@arrl.org
        Validity
            Not Before: Jun  9 15:34:28 2015 GMT
            Not After : Jun  6 15:34:28 2025 GMT
        Subject: C=US, ST=CT, L=Newington, O=American Radio Relay League, OU=Logbook of the World, CN=Logbook of the World Root CA, DC=arrl.org/emailAddress=lotw@arrl.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:d2:57:70:90:cf:cf:dc:ae:0e:ee:c4:f8:ff:8b:
                    74:7c:aa:cf:2f:16:a1:8e:97:78:16:93:8f:c1:70:
                    a9:c9:69:84:9f:dc:8e:7d:71:8d:d2:94:dc:49:85:
                    09:9c:cd:f0:30:38:4a:ce:19:6f:42:e6:01:88:9c:
                    92:6f:a4:22:c8:90:a6:67:1c:07:85:85:a3:4d:9f:
                    4f:7f:3d:a0:0f:33:46:2b:85:36:4c:8d:4b:07:79:
                    d8:73:f4:e6:d1:51:c6:65:ec:b1:0c:86:28:7d:72:
                    d7:77:88:f0:5f:f0:57:24:1b:c3:2f:80:12:5c:31:
                    d3:01:d5:3a:c9:7e:ef:0f:7a:48:11:66:d1:8a:20:
                    6e:b5:b4:97:35:b4:66:1c:46:29:a6:49:a1:b7:8b:
                    84:74:65:d8:93:a2:3f:ad:3a:27:e3:6c:49:43:68:
                    b2:93:56:72:27:e1:80:0b:4a:60:34:46:c0:7e:52:
                    63:d1:67:fa:8c:84:8f:7a:eb:74:cc:36:c2:5f:ba:
                    b7:10:2f:a4:d7:83:e1:08:1c:d9:c6:94:66:ba:db:
                    2e:1c:8c:d2:0f:25:d4:c8:ec:f9:38:ae:c2:fe:59:
                    3e:27:ed:b6:51:f8:05:94:54:c5:d3:e8:86:1a:66:
                    f8:ac:3b:19:94:33:5a:97:f6:96:2b:71:77:fc:3a:
                    c5:88:4c:4d:86:45:13:4c:41:93:fe:8d:51:d0:dd:
                    de:2d:97:b2:43:36:b3:4f:ce:26:35:3b:3f:4f:2e:
                    db:9d:e7:a6:a3:24:b7:fb:b2:67:9b:b3:2c:da:e9:
                    ee:8d:85:93:60:3a:1b:12:7d:bc:2e:db:97:d2:73:
                    76:f9:c7:29:c8:d1:34:b0:93:3f:ff:27:8b:33:af:
                    cb:1f:c2:45:49:c2:15:a8:34:6f:46:48:e3:52:1e:
                    a9:d3:40:46:86:55:56:ab:56:94:14:3b:d6:5e:bb:
                    33:a8:de:76:64:4a:9e:c7:1f:f6:9a:7f:66:a4:34:
                    69:70:12:a9:2a:ca:d9:fb:1e:26:10:2b:06:c0:e7:
                    85:6c:f9:54:48:5f:bd:53:92:d1:7d:28:47:72:ea:
                    9d:37:85:54:9f:b3:dc:ea:5a:e0:4b:29:d0:17:d9:
                    e7:a7:d0:80:d3:2b:d7:bc:99:d3:45:ff:db:38:03:
                    94:34:9b:10:12:06:b6:3d:7d:ef:85:57:7e:3b:30:
                    b3:5c:b7:10:db:6a:a7:8c:71:4b:0c:06:2c:9a:8a:
                    1b:53:5a:6b:59:cc:2e:33:84:1b:9c:71:55:b5:bb:
                    e6:0e:db:ab:a8:77:21:89:d8:80:fb:49:04:b2:64:
                    38:62:a2:95:99:2e:e8:3f:fe:68:69:4e:fb:ee:f0:
                    e6:5e:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:FC:CA:C2:73:C5:AF:CB:5B:F5:3A:60:7D:9A:9C:1A:EF:C0:8D:93
            X509v3 Authority Key Identifier:
                keyid:C7:FC:CA:C2:73:C5:AF:CB:5B:F5:3A:60:7D:9A:9C:1A:EF:C0:8D:93
                DirName:/C=US/ST=CT/L=Newington/O=American Radio Relay League/OU=Logbook of the World/CN=Logbook of the World Root CA/DC=arrl.org/emailAddress=lotw@arrl.org
                serial:83:FF:0D:4B:ED:E0:CB:43
All these can be found in the root file of the Linux tqsl package I have downloaded from the ARRL website.
73 de oe1rsa
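An added worked example (not part of the thread) for the question Roland raises: all three LoTW roots carry the same Issuer/Subject DN, so the only way to tell which one signed a given cert is to compare the cert's Authority Key Identifier with each root's Subject Key Identifier. The script parses `openssl x509 -text` output like the dumps above; the root excerpts use the serials and key ids shown in the thread, and `MY_CERT` is a constructed stand-in with a hypothetical serial and subject.

```python
# Added example (not code from the thread): tell which Logbook of the World root
# signed a certificate. All three roots carry the same DN, so Issuer/Subject cannot
# distinguish them; the cert's Authority Key Identifier (AKI) must equal the signing
# root's Subject Key Identifier (SKI). Input is `openssl x509 -text` output as pasted above.
import re

FIELDS = {  # applied to whitespace-collapsed openssl -text output
    "serial": r"Serial Number:\s*\d+\s*\((0x[0-9a-f]+)\)",
    "not_after": r"Not After\s*:\s*(\w{3} \d+ [\d:]+ \d{4} GMT)",
    "bits": r"Public-Key:\s*\((\d+) bit\)",
    "ski": r"Subject Key Identifier:\s*((?:[0-9A-F]{2}:){19}[0-9A-F]{2})",
    "aki": r"Authority Key Identifier:\s*keyid:((?:[0-9A-F]{2}:){19}[0-9A-F]{2})",
}

def parse_x509_text(text):
    """Extract the fields above; a field absent from the dump maps to None."""
    flat = " ".join(text.split())  # openssl's line wrapping carries no meaning
    found = {name: re.search(pat, flat) for name, pat in FIELDS.items()}
    return {name: (m.group(1) if m else None) for name, m in found.items()}

def which_root(cert_text, root_texts):
    """Return (serial, key bits, expiry) of the root whose SKI equals the cert's AKI."""
    aki = parse_x509_text(cert_text)["aki"]
    for root in map(parse_x509_text, root_texts):
        if aki and root["ski"] == aki:
            return root["serial"], root["bits"], root["not_after"]
    return None  # no AKI, or signed by a root not in the bundle

# Root excerpts with the serials, expiry and key identifiers shown in the thread
# (modulus and signature bytes omitted; the parser does not need them).
ROOT_2010 = """Serial Number: 16695542736414145637 (0xe7b27ba978517c65)
 Not After : Sep 12 16:31:12 2020 GMT
 X509v3 Subject Key Identifier: AE:00:0C:A4:88:83:B9:90:F5:CD:38:CC:E8:54:68:F4:4B:54:A1:EC"""
ROOT_2009 = """Serial Number: 11364786056437220341 (0x9db7d4b48240c3f5)
 Not After : Sep 23 13:33:48 2019 GMT  Public-Key: (1024 bit)
 X509v3 Subject Key Identifier: 30:AF:ED:4E:EE:59:FC:2F:27:50:B6:BC:C1:07:D6:0B:42:EA:55:F8
 X509v3 Authority Key Identifier: keyid:30:AF:ED:4E:EE:59:FC:2F:27:50:B6:BC:C1:07:D6:0B:42:EA:55:F8"""
ROOT_2015 = """Serial Number: 9511335557794417475 (0x83ff0d4bede0cb43)
 Not After : Jun 6 15:34:28 2025 GMT  Public-Key: (4096 bit)
 X509v3 Subject Key Identifier: C7:FC:CA:C2:73:C5:AF:CB:5B:F5:3A:60:7D:9A:9C:1A:EF:C0:8D:93
 X509v3 Authority Key Identifier: keyid:C7:FC:CA:C2:73:C5:AF:CB:5B:F5:3A:60:7D:9A:9C:1A:EF:C0:8D:93"""
LOTW_ROOTS = [ROOT_2010, ROOT_2009, ROOT_2015]

# Constructed stand-in for a station cert (hypothetical serial and subject).
MY_CERT = """Serial Number: 4242 (0x1092)  Subject: C=US, O=Example, CN=N0CALL
 X509v3 Authority Key Identifier: keyid:C7:FC:CA:C2:73:C5:AF:CB:5B:F5:3A:60:7D:9A:9C:1A:EF:C0:8D:93"""

if __name__ == "__main__":
    print(which_root(MY_CERT, LOTW_ROOTS))
```

On the server, the file holding all the roots is what OpenVPN's `ca` directive points at; a client whose certificate was issued through an intermediate supplies that intermediate with OpenVPN's `--extra-certs` option so the server can build the chain.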
Back to the original "available services" part of this thread, I've been thinking about this as well. Maybe the group could consider a services advertisement protocol like ZeroConf (Avahi in Linux, Bonjour in OSX) with some modifications to minimize its chattiness? Things like stations should not beacon what services they offer more than once an hour w/o being directly probed, etc.
--David KI6ZHD