arif/xcat-core
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix some mistakes in the SSL certificate tweaks

Browse Source 
git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@14919 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
This commit is contained in:
jbjohnso 2013-01-18 14:31:13 +00:00
parent 48b64fc79a
commit 9c023486d9
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
xCAT-server/share/xcat/ca/openssl.cnf.tmpl
View File

@ -162,7 +162,7 @@ nsCertType = server, client, objsign
nsComment = "OpenSSL Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
keyUsage = digiatalSignature,KeyAgreement
keyUsage = digitalSignature,keyAgreement
extendedKeyUsage = serverAuth
[ usr_cert ]
@ -173,7 +173,7 @@ extendedKeyUsage = serverAuth
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
keyUsage = digiatalSignature,KeyAgreement
keyUsage = digitalSignature,keyAgreement
extendedKeyUsage = clientAuth
# Here are some examples of the usage of nsCertType. If it is omitted

2
xCAT-server/share/xcat/scripts/setup-local-client.sh
View File

@ -51,7 +51,7 @@ done
mkdir -p $USERHOME/.xcat
cd $USERHOME/.xcat
openssl genrsa -out client-key.pem 2048
openssl req -config $XCATCADIR/openssl.cnf -new -key client-key.pem -out client-req.pem -extensions usr_crt -subj "/CN=$CNA"
openssl req -config $XCATCADIR/openssl.cnf -new -key client-key.pem -out client-req.pem -extensions usr_cert -subj "/CN=$CNA"
cp client-req.pem $XCATDIR/ca/root.csr
cd -
cd $XCATDIR/ca