# HG changeset patch # User Sebastien Decugis # Date 1282272340 -32400 # Node ID f82bf741cd1059feedc7956847505ba39565fd95 # Parent f31f2b5038b622d8987aa0a02c8f35b50ffe8f44 Improved the postinst script to generate a CSR also diff -r f31f2b5038b6 -r f82bf741cd10 contrib/OpenWRT/packages/freeDiameter/Makefile --- a/contrib/OpenWRT/packages/freeDiameter/Makefile Thu Aug 19 20:07:58 2010 +0900 +++ b/contrib/OpenWRT/packages/freeDiameter/Makefile Fri Aug 20 11:45:40 2010 +0900 @@ -170,17 +170,21 @@ echo "expiration_days = 3650" >>/tmp/template.cnf echo "signing_key" >>/tmp/template.cnf echo "encryption_key" >>/tmp/template.cnf + certtool -q --load-privkey /etc/freeDiameter/freeDiameter.key \ + --outfile /etc/freeDiameter/freeDiameter.csr \ + --template /tmp/template.cnf certtool -s --load-privkey /etc/freeDiameter/freeDiameter.key \ --outfile /etc/freeDiameter/freeDiameter.pem \ --template /tmp/template.cnf rm -f /tmp/template.cnf echo "Done." - echo "============================================================" + echo "========================================================================" echo "To enable TLS communication, you should either:" echo " - use a real certificate signed by your server's CA" - echo " - or, copy the two peers certificates in a ca.pem file and " - echo " add this file in freeDiameter configuration." - echo "============================================================" + echo " (CSR provided in /etc/freeDiameter/freeDiameter.csr)" + echo " - or, copy the two certificates (client & server) in a ca.pem file and " + echo " add this file in both freeDiameter configurations (as TLS_CA)." + echo "========================================================================" fi endef