From: Alan T. DeKok <aland@freeradius.org>
Date: Thu, 3 Dec 2009 09:25:33 +0000 (+0100)
Subject: Sign client certs with CA rather than server cert
X-Git-Tag: release_2_1_8~47
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a3fad63d64076cd369965697603b1230c4f6a213;p=thirdparty%2Ffreeradius-server.git

Sign client certs with CA rather than server cert
---

diff --git a/raddb/certs/Makefile b/raddb/certs/Makefile
index 0baafd9ad75..fe4687f6424 100644
--- a/raddb/certs/Makefile
+++ b/raddb/certs/Makefile
@@ -54,7 +54,6 @@ dh:
 ca.key ca.pem: ca.cnf
 	openssl req -new -x509 -keyout ca.key -out ca.pem \
 		-days $(CA_DEFAULT_DAYS) -config ./ca.cnf
-		
 
 ca.der: ca.pem
 	openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der
@@ -89,8 +88,8 @@ server.vrfy: ca.pem
 client.csr client.key: client.cnf
 	openssl req -new  -out client.csr -keyout client.key -config ./client.cnf
 
-client.crt: client.csr server.crt server.key index.txt serial
-	openssl ca -batch -keyfile server.key -cert server.crt -in client.csr  -key $(PASSWORD_SERVER) -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
+client.crt: client.csr ca.pem ca.key index.txt serial
+	openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr  -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
 
 client.p12: client.crt
 	openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12  -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)