document default_days a bit more

diff --git a/raddb/certs/Makefile b/raddb/certs/Makefile
index c9fbc9e8646bb157092e48c95352cb2866bafeaf..34948bd9248a6953de3696abcd2088a7a5cee014 100644 (file)
--- a/raddb/certs/Makefile
+++ b/raddb/certs/Makefile
@@ -28,7 +28,7 @@ include passwords.mk
 #
 ######################################################################
 .PHONY: all
-all: index.txt serial dh ca server client
+all: index.txt serial ca server client
 
 .PHONY: client
 client: client.pem

diff --git a/raddb/certs/README.md b/raddb/certs/README.md
index aae1797fe2f0df4a66d6217edeceafdb79240c3b..1d73f99061fc397983e2c6edb20a70646efe6683 100644 (file)
--- a/raddb/certs/README.md
+++ b/raddb/certs/README.md
@@ -70,6 +70,8 @@ general) more secure.
 $ vi ca.cnf
 ```
 
+Edit `default_days` to set the desired lifetime of the CA certificate.
+
 Edit the `input_password` and `output_password` fields to be the
 password for the CA certificate.
 
@@ -100,6 +102,9 @@ EAP-TLS that is tunneled inside of another TLS-based EAP method.
 $ vi server.cnf
 ```
 
+Edit `default_days` to set the lifetime of the server certificate.
+The maximum for this is 825 for compatibility with all client devices.
+
 Edit the `input_password` and `output_password` fields to be the
 password for the server certificate.
 
@@ -140,6 +145,8 @@ will have to have the password for the CA certificate in the
 $ vi client.cnf
 ```
 
+Edit `default_days` to set the lifetime of the client certificate.
+
 Edit the `input_password` and `output_password` fields to be the
 password for the client certificate.  You will have to give these
 passwords to the end user who will be using the certificates.