Client certs are signed by the CA, not by the server

author Alan T. DeKok <aland@freeradius.org>

Thu, 23 Feb 2012 12:04:31 +0000 (13:04 +0100)

committer Alan T. DeKok <aland@freeradius.org>

Thu, 23 Feb 2012 12:04:31 +0000 (13:04 +0100)
author Alan T. DeKok <aland@freeradius.org>
Thu, 23 Feb 2012 12:04:31 +0000 (13:04 +0100)
committer Alan T. DeKok <aland@freeradius.org>
Thu, 23 Feb 2012 12:04:31 +0000 (13:04 +0100)
diff --git a/raddb/certs/Makefile b/raddb/certs/Makefile

index 376ad939b8459ce5190543e3aad2b1261f3a9891..cfd31cd3a8b4085fc670b2a21a4eb82b1bc6c3fc 100644 (file)
--- a/raddb/certs/Makefile
+++ b/raddb/certs/Makefile
@@ -99,7 +99,7 @@ client.pem: client.p12
         cp client.pem $(USER_NAME).pem
  
  .PHONY: client.vrfy
-client.vrfy: server.pem client.pem 
+client.vrfy: ca.pem client.pem 
         c_rehash .
         openssl verify -CApath . client.pem
  
diff --git a/raddb/certs/client.cnf b/raddb/certs/client.cnf

index 89fdb268e77de069d755c4165943e7cf3ae1f568..268fe6182000a06dff56b56a568410248ac6b853 100644 (file)
--- a/raddb/certs/client.cnf
+++ b/raddb/certs/client.cnf
@@ -7,10 +7,10 @@ certs                 = $dir
  crl_dir                        = $dir/crl
  database               = $dir/index.txt
  new_certs_dir          = $dir
-certificate            = $dir/server.pem
+certificate            = $dir/ca.pem
  serial                 = $dir/serial
  crl                    = $dir/crl.pem
-private_key            = $dir/server.key
+private_key            = $dir/ca.key
  RANDFILE               = $dir/.rand
  name_opt               = ca_default
  cert_opt               = ca_default
author	Alan T. DeKok <aland@freeradius.org>
	Thu, 23 Feb 2012 12:04:31 +0000 (13:04 +0100)
committer	Alan T. DeKok <aland@freeradius.org>
	Thu, 23 Feb 2012 12:04:31 +0000 (13:04 +0100)
raddb/certs/Makefile		patch \| blob \| blame \| history
raddb/certs/client.cnf		patch \| blob \| blame \| history