From: Alan T. DeKok <aland@freeradius.org>
Date: Thu, 23 Feb 2012 12:04:31 +0000 (+0100)
Subject: Client certs are signed by the CA, not by the server
X-Git-Tag: release_2_2_0~158
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c29f08c0caafaef964767c8e0b1f0b7325b228ef;p=thirdparty%2Ffreeradius-server.git

Client certs are signed by the CA, not by the server
---

diff --git a/raddb/certs/Makefile b/raddb/certs/Makefile
index 376ad939b84..cfd31cd3a8b 100644
--- a/raddb/certs/Makefile
+++ b/raddb/certs/Makefile
@@ -99,7 +99,7 @@ client.pem: client.p12
 	cp client.pem $(USER_NAME).pem
 
 .PHONY: client.vrfy
-client.vrfy: server.pem client.pem 
+client.vrfy: ca.pem client.pem 
 	c_rehash .
 	openssl verify -CApath . client.pem
 
diff --git a/raddb/certs/client.cnf b/raddb/certs/client.cnf
index 89fdb268e77..268fe618200 100644
--- a/raddb/certs/client.cnf
+++ b/raddb/certs/client.cnf
@@ -7,10 +7,10 @@ certs			= $dir
 crl_dir			= $dir/crl
 database		= $dir/index.txt
 new_certs_dir		= $dir
-certificate		= $dir/server.pem
+certificate		= $dir/ca.pem
 serial			= $dir/serial
 crl			= $dir/crl.pem
-private_key		= $dir/server.key
+private_key		= $dir/ca.key
 RANDFILE		= $dir/.rand
 name_opt		= ca_default
 cert_opt		= ca_default