Mercurial > hg > freeDiameter
changeset 509:f82bf741cd10
Improved the postinst script to generate a CSR also
author | Sebastien Decugis <sdecugis@nict.go.jp> |
---|---|
date | Fri, 20 Aug 2010 11:45:40 +0900 |
parents | f31f2b5038b6 |
children | 48d306c0db29 |
files | contrib/OpenWRT/packages/freeDiameter/Makefile |
diffstat | 1 files changed, 8 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/contrib/OpenWRT/packages/freeDiameter/Makefile Thu Aug 19 20:07:58 2010 +0900 +++ b/contrib/OpenWRT/packages/freeDiameter/Makefile Fri Aug 20 11:45:40 2010 +0900 @@ -170,17 +170,21 @@ echo "expiration_days = 3650" >>/tmp/template.cnf echo "signing_key" >>/tmp/template.cnf echo "encryption_key" >>/tmp/template.cnf + certtool -q --load-privkey /etc/freeDiameter/freeDiameter.key \ + --outfile /etc/freeDiameter/freeDiameter.csr \ + --template /tmp/template.cnf certtool -s --load-privkey /etc/freeDiameter/freeDiameter.key \ --outfile /etc/freeDiameter/freeDiameter.pem \ --template /tmp/template.cnf rm -f /tmp/template.cnf echo "Done." - echo "============================================================" + echo "========================================================================" echo "To enable TLS communication, you should either:" echo " - use a real certificate signed by your server's CA" - echo " - or, copy the two peers certificates in a ca.pem file and " - echo " add this file in freeDiameter configuration." - echo "============================================================" + echo " (CSR provided in /etc/freeDiameter/freeDiameter.csr)" + echo " - or, copy the two certificates (client & server) in a ca.pem file and " + echo " add this file in both freeDiameter configurations (as TLS_CA)." + echo "========================================================================" fi endef