Use correct key (ca.key, not server.key)

	Add in v3 extensions to make it work on Nokia e51, e60, Mobile
	Windows Clients, Symbian devices.  This closes bug #524

diff --git a/raddb/certs/ca.cnf b/raddb/certs/ca.cnf
index 4f66e47..1bf8a84 100644 (file)
--- a/raddb/certs/ca.cnf
+++ b/raddb/certs/ca.cnf
@@ -7,10 +7,10 @@ certs                 = $dir
 crl_dir                        = $dir/crl
 database               = $dir/index.txt
 new_certs_dir          = $dir
-certificate            = $dir/server.pem
+certificate            = $dir/ca.pem
 serial                 = $dir/serial
 crl                    = $dir/crl.pem
-private_key            = $dir/server.key
+private_key            = $dir/ca.key
 RANDFILE               = $dir/.rand
 name_opt               = ca_default
 cert_opt               = ca_default
@@ -43,6 +43,7 @@ distinguished_name    = certificate_authority
 default_bits           = 2048
 input_password         = whatever
 output_password                = whatever
+x509_extensions                = v3_ca
 
 [certificate_authority]
 countryName            = FR
@@ -51,3 +52,8 @@ localityName          = Somewhere
 organizationName       = Example Inc.
 emailAddress           = admin@example.com
 commonName             = "Example Certificate Authority"
+
+[v3_ca]
+subjectKeyIdentifier   = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+basicConstraints       = CA:true