Univention Bugzilla – Attachment 7176 Details for Bug 37621: Improve defaults for root certificate private key
[patch]
Change key encryption and default bits for root-CA private key
ssl_encryption (text/plain), 2.51 KB, created by Michael Grandjean on 2015-09-19 00:13:22 CEST
>Index: univention-ssl/debian/univention-ssl.univention-config-registry-variables >=================================================================== >--- univention-ssl/debian/univention-ssl.univention-config-registry-variables (Revision 63847) >+++ univention-ssl/debian/univention-ssl.univention-config-registry-variables (Arbeitskopie) >@@ -47,8 +47,8 @@ > Categories=system-ssl > > [ssl/default/hashfunction] >-Description[de]=Diese Hash-Funktion (Message Digest) wird in neu ausgestellten SSL-Zertifikaten verwendet: 'md5', 'sha1', ... >-Description[en]=This hash function (message digest) is used in newly created SSL certificates: 'md5', 'sha1', ... >+Description[de]=Diese Hash-Funktion (Message Digest) wird in neu ausgestellten SSL-Zertifikaten verwendet: 'sha1', 'sha256', ... >+Description[en]=This hash function (message digest) is used in newly created SSL certificates: 'sha1', 'sha256', ... > Type=str > Categories=system-ssl > >@@ -58,6 +58,12 @@ > Type=int > Categories=system-ssl > >+[ssl/default/key_encryption] >+Description[de]=Bestimmt den Verschlüsselungsalgorithmus für den privaten Schlüssel. Der Standard ist aes256. >+Description[en]=Specifies the cipher the private key is encrypted with. Default is aes256. >+Type=str >+Categories=system-ssl >+ > [ssl/validity/check] > Description[de]=Ist diese Option aktiviert, wird durch einen täglichen Cron-Job die Gültigkeit der SSL-Zertifikate geprüft. > Description[en]=If this option is activated, the validity of the SSL certificates is checked through a daily cron job. >Index: univention-ssl/make-certificates.sh >=================================================================== >--- univention-ssl/make-certificates.sh (Revision 63847) >+++ univention-ssl/make-certificates.sh (Arbeitskopie) 
>@@ -53,6 +53,9 @@ > if [ -z "$DEFAULT_BITS" ]; then > DEFAULT_BITS="2048" > fi >+DEFAULT_KEY_ENC="$(/usr/sbin/univention-config-registry get ssl/default/key_encryption)" >+if [ -z "$DEFAULT_KEY_ENC" ]; then >+ DEFAULT_KEY_ENC="aes256" > > if test -e "$SSLBASE/password"; then > PASSWD=`cat "$SSLBASE/password"` >@@ -264,7 +267,7 @@ > # make the root-CA configuration file > mk_config openssl.cnf "$PASSWD" "$DEFAULT_DAYS" "$ssl_common" > >- openssl genrsa -des3 -passout pass:"$PASSWD" -out "${CA}/private/CAkey.pem" 2048 >+ openssl genrsa -"$DEFAULT_KEY_ENC" -passout pass:"$PASSWD" -out "${CA}/private/CAkey.pem" "$DEFAULT_BITS" > openssl req -batch -config openssl.cnf -new -x509 -days "$DEFAULT_DAYS" -key "${CA}/private/CAkey.pem" -out "${CA}/CAcert.pem" > > # copy the public key to a place, from where browsers can access it
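Review bot: In the [ssl/default/hashfunction] hunk of univention-ssl.univention-config-registry-variables, the new example list still leads with 'sha1', which reads as a suggested value. Since the hunk already drops 'md5' from the examples, consider listing only SHA-2 names such as 'sha256', 'sha512' in both Description[de] and Description[en], and stating which value is the default.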
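Review bot: The new [ssl/default/key_encryption] entry does not document which values are accepted. The value is passed to openssl genrsa as an option name (-"$DEFAULT_KEY_ENC" in make-certificates.sh), so both descriptions should list the supported cipher names, for example 'aes128', 'aes192', 'aes256', 'des3', in the same style the hashfunction description uses for its examples.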
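Review bot: The make-certificates.sh hunk at @@ -53,6 +53,9 @@ opens if [ -z "$DEFAULT_KEY_ENC" ]; then but never closes it. The hunk adds exactly three lines and none of them is fi, so the script no longer parses as intended and every later line falls inside the conditional. Add a fi line directly after DEFAULT_KEY_ENC="aes256", matching the DEFAULT_BITS block above it.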
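Review bot: In the @@ -264,7 +267,7 @@ hunk, -"$DEFAULT_KEY_ENC" turns an unvalidated config-registry value into an openssl genrsa option. A typo makes root CA key generation fail, and a value that happens to match another genrsa option name changes how the remaining arguments are parsed. Check the value against a fixed list of cipher names (a case statement falling back to aes256 would do) before calling openssl. The same line also replaces the hard-coded 2048 with "$DEFAULT_BITS", so a smaller value configured for that variable now also shrinks the root CA key; consider enforcing a minimum of 2048 for CAkey.pem.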