On Wed, 29 Jun 2011 15:03:33 +0200, Alan DeKok <al...@deployingradius.com>
wrote:
>> I thought it was some advanced chained root thing, but I never got it
to
>> work even once, so I wrote my own, but it sucks. I think it may be a
bug,
>> and you just reminded me of that. someone who knows what they're
actually
>> on about should investigate that and see if it needs fixin' or filin'.
> It's a bug. The simplest thing to do is to make the client cert signed
by
> the CA cert. This might have been done already, but I don't recall.
>
> Patches are welcome.
I just checked 2.1.11 and that's fine. In raddb/certs/Makefile:
-------
client.crt: client.csr ca.pem ca.key
openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr
-key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile
xpextensions -config ./client.cnf
-------
--
mandi, Marco
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
