From 9c023486d92601347bb4411570277b913ae7ec36 Mon Sep 17 00:00:00 2001 From: jbjohnso Date: Fri, 18 Jan 2013 14:31:13 +0000 Subject: [PATCH] Fix some mistakes in the SSL certificate tweaks git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@14919 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd --- xCAT-server/share/xcat/ca/openssl.cnf.tmpl | 4 ++-- xCAT-server/share/xcat/scripts/setup-local-client.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/xCAT-server/share/xcat/ca/openssl.cnf.tmpl b/xCAT-server/share/xcat/ca/openssl.cnf.tmpl index ee26a53eb..08732fd33 100644 --- a/xCAT-server/share/xcat/ca/openssl.cnf.tmpl +++ b/xCAT-server/share/xcat/ca/openssl.cnf.tmpl @@ -162,7 +162,7 @@ nsCertType = server, client, objsign nsComment = "OpenSSL Generated Server Certificate" subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer -keyUsage = digiatalSignature,KeyAgreement +keyUsage = digitalSignature,keyAgreement extendedKeyUsage = serverAuth [ usr_cert ] @@ -173,7 +173,7 @@ extendedKeyUsage = serverAuth # requires this to avoid interpreting an end user certificate as a CA. basicConstraints=CA:FALSE -keyUsage = digiatalSignature,KeyAgreement +keyUsage = digitalSignature,keyAgreement extendedKeyUsage = clientAuth # Here are some examples of the usage of nsCertType. If it is omitted diff --git a/xCAT-server/share/xcat/scripts/setup-local-client.sh b/xCAT-server/share/xcat/scripts/setup-local-client.sh index 5e8a3b7a8..dd95a4e4d 100755 --- a/xCAT-server/share/xcat/scripts/setup-local-client.sh +++ b/xCAT-server/share/xcat/scripts/setup-local-client.sh @@ -51,7 +51,7 @@ done mkdir -p $USERHOME/.xcat cd $USERHOME/.xcat openssl genrsa -out client-key.pem 2048 -openssl req -config $XCATCADIR/openssl.cnf -new -key client-key.pem -out client-req.pem -extensions usr_crt -subj "/CN=$CNA" +openssl req -config $XCATCADIR/openssl.cnf -new -key client-key.pem -out client-req.pem -extensions usr_cert -subj "/CN=$CNA" cp client-req.pem $XCATDIR/ca/root.csr cd - cd $XCATDIR/ca