Changeset 510:48d306c0db29 in freeDiameter for contrib/OpenWRT
- Timestamp:
- Aug 20, 2010, 2:28:45 PM (14 years ago)
- Branch:
- default
- Phase:
- public
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
contrib/OpenWRT/packages/freeDiameter/Makefile
r509 r510 95 95 echo "TLS_Cred = \"/etc/freeDiameter/freeDiameter.pem\", \"/etc/freeDiameter/freeDiameter.key\";" \ 96 96 >> $(1)/etc/freeDiameter/freeDiameter.conf 97 echo "TLS_CA = \"/etc/freeDiameter/freeDiameter.ca.pem\";" \ 98 >> $(1)/etc/freeDiameter/freeDiameter.conf 97 99 echo "TLS_DH_Bits = 768;" >> $(1)/etc/freeDiameter/freeDiameter.conf 98 100 echo "LoadExtension = \"dict_nasreq.fdx\";" >> $(1)/etc/freeDiameter/freeDiameter.conf … … 171 173 echo "signing_key" >>/tmp/template.cnf 172 174 echo "encryption_key" >>/tmp/template.cnf 173 certtool -q --load-privkey /etc/freeDiameter/freeDiameter.key \ 175 if [ ! -f "/etc/freeDiameter/freeDiameter.csr" ]; then 176 echo "Creating a new CSR" 177 certtool -q --load-privkey /etc/freeDiameter/freeDiameter.key \ 174 178 --outfile /etc/freeDiameter/freeDiameter.csr \ 175 179 --template /tmp/template.cnf 180 fi 176 181 certtool -s --load-privkey /etc/freeDiameter/freeDiameter.key \ 177 182 --outfile /etc/freeDiameter/freeDiameter.pem \ 178 183 --template /tmp/template.cnf 179 184 rm -f /tmp/template.cnf 185 cat /etc/freeDiameter/freeDiameter.pem >> /etc/freeDiameter/freeDiameter.ca.pem 180 186 echo "Done." 181 187 echo "========================================================================" 182 188 echo "To enable TLS communication, you should either:" 183 echo " - use a real certificate signed by your server's CA" 184 echo " (CSR provided in /etc/freeDiameter/freeDiameter.csr)" 185 echo " - or, copy the two certificates (client & server) in a ca.pem file and " 186 echo " add this file in both freeDiameter configurations (as TLS_CA)." 189 echo " - use a real certificate signed by your server's CA:" 190 echo " Use the CSR provided in /etc/freeDiameter/freeDiameter.csr" 191 echo " Save the new certificate as /etc/freeDiameter/freeDiameter.pem" 192 echo " Replace the contents of /etc/freeDiameter/freeDiameter.ca.pem with your CA's certificate" 193 echo " - or, declare the certificates as trusted as follow: " 194 echo " Add your server's CA certificate into /etc/freeDiameter/freeDiameter.ca.pem" 195 echo " Add the content of /etc/freeDiameter/freeDiameter.pem into your server's trusted CA file" 187 196 echo "========================================================================" 188 197 fi
Note: See TracChangeset
for help on using the changeset viewer.