Decoupled accounting
Devinder Singh
devinbhullar at gmail.com
Tue Aug 4 10:39:57 CEST 2009
Ok once i have made the changes shoud i repeat the steps in the
/etc/raddb/README to generate the certs , server and client once again?
2009/8/4 Ivan Kalik <tnt at kalik.net>:
>> ok could you let me know what do i need to alter in the Make File.
>>
>> Just wanted to make sure i dont do something wrong here
>>
>> What are the steps that i need to take to do this.
>>
>> I can see a Makefile in /etc/raddb/certs
>
> I don't know much about makefiles. I have altered one using "hit and miss"
> method.
>
> Alter the client section like this:
>
> client.csr client.key: client.cnf
> openssl req -new -out client.csr -keyout client.key -config
> ./client.cnf
>
> client.crt: client.csr ca.pem ca.key index.txt serial
> openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr
> -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext
> -extfile xpextensions -config ./client.cnf
>
> client.p12: client.crt
> openssl pkcs12 -export -in client.crt -inkey client.key -out
> client.p12 -passin pass:$(PASSWORD_CLIENT) -passout
> pass:$(PASSWORD_CLIENT)
>
> client.pem: client.p12
> openssl pkcs12 -in client.p12 -out client.pem -passin
> pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
> cp client.pem $(USER_NAME).pem
>
> .PHONY: server.vrfy
> client.vrfy: ca.pem client.pem
> c_rehash .
> openssl verify -CApath . client.pem
>
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
--
Devinder
More information about the Freeradius-Users
mailing list