freeDiameter: contrib/OpenWRT/packages/freeDiameter/Makefile comparison

Improved the postinst script to generate a CSR also

author	Sebastien Decugis <sdecugis@nict.go.jp>
date	Fri, 20 Aug 2010 11:45:40 +0900
parents	f31f2b5038b6
children	48d306c0db29

comparison

equal deleted inserted replaced

-:f31f2b5038b6
+:f82bf741cd10
 echo "country = net"				>>/tmp/template.cnf
 echo "cn = $$localid"			>>/tmp/template.cnf
 echo "expiration_days = 3650"		>>/tmp/template.cnf
 echo "signing_key"				>>/tmp/template.cnf
 echo "encryption_key"			>>/tmp/template.cnf
+certtool -q --load-privkey /etc/freeDiameter/freeDiameter.key \
+--outfile /etc/freeDiameter/freeDiameter.csr \
+	       --template /tmp/template.cnf
 certtool -s --load-privkey /etc/freeDiameter/freeDiameter.key \
 --outfile /etc/freeDiameter/freeDiameter.pem \
 	       --template /tmp/template.cnf
 rm -f /tmp/template.cnf
 echo "Done."
-echo "============================================================"
+echo "========================================================================"
 echo "To enable TLS communication, you should either:"
 echo "  - use a real certificate signed by your server's CA"
-echo "  - or, copy the two peers certificates in a ca.pem file and "
+echo "      (CSR provided in /etc/freeDiameter/freeDiameter.csr)"
-echo "    add this file in freeDiameter configuration."
+echo "  - or, copy the two certificates (client & server) in a ca.pem file and "
-echo "============================================================"
+echo "    add this file in both freeDiameter configurations (as TLS_CA)."
+echo "========================================================================"
 fi
 endef
 $(eval $(call BuildPackage,freeDiameter))

Mercurial > hg > freeDiameter