View | Details | Raw Unified | Return to bug 37621
Collapse All | Expand All

(-)univention-ssl/debian/univention-ssl.univention-config-registry-variables (-2 / +8 lines)
 Lines 47-54    Link Here 
47 
Categories=system-ssl
 47 
Categories=system-ssl
48 

          48
          

        

        

          49
          
[ssl/default/hashfunction]

          49
          
[ssl/default/hashfunction]

        

          
            

              50
              
Description[de]=Diese Hash-Funktion (Message Digest) wird in neu ausgestellten SSL-Zertifikaten verwendet: 'md5', 'sha1', ...


              50
              
Description[de]=Diese Hash-Funktion (Message Digest) wird in neu ausgestellten SSL-Zertifikaten verwendet: 'sha1', 'sha256', ...

            

            

              51
              
Description[en]=This hash function (message digest) is used in newly created SSL certificates: 'md5', 'sha1', ...


              51
              
Description[en]=This hash function (message digest) is used in newly created SSL certificates: 'sha1', 'sha256', ...

            

        

          52
          
Type=str

          52
          
Type=str

        

        

          53
          
Categories=system-ssl

          53
          
Categories=system-ssl

        

        

          54
          

          54
          

        

  

    

    

       Lines 58-63
       
    
  Link Here 
    

  

        

          58
          
Type=int

          58
          
Type=int

        

        

          59
          
Categories=system-ssl

          59
          
Categories=system-ssl

        

        

          60
          

          60
          

        

            

              
              
              61
              
[ssl/default/key_encryption]

            

            

              62
              
Description[de]=Bestimmt den Verschlüsselungsalgorithmus für den privaten Schlüssel. Der Standard ist aes256.

            

            

              63
              
Description[en]=Specifies the cipher the private key is encrypted with. Default is aes256.

            

            

              64
              
Type=str

            

            

              65
              
Categories=system-ssl

            

            

              66
              

            

        

          61
          
[ssl/validity/check]

          67
          
[ssl/validity/check]

        

        

          62
          
Description[de]=Ist diese Option aktiviert, wird durch einen täglichen Cron-Job die Gültigkeit der SSL-Zertifikate geprüft.

          68
          
Description[de]=Ist diese Option aktiviert, wird durch einen täglichen Cron-Job die Gültigkeit der SSL-Zertifikate geprüft.

        

        

          63
          
Description[en]=If this option is activated, the validity of the SSL certificates is checked through a daily cron job.

          69
          
Description[en]=If this option is activated, the validity of the SSL certificates is checked through a daily cron job.

        



(-)univention-ssl/make-certificates.sh
      (-1 / +4 lines)




  

    

    

       Lines 53-58
       
    
  Link Here 
    

  

        

          53
          
if [ -z "$DEFAULT_BITS" ]; then

          53
          
if [ -z "$DEFAULT_BITS" ]; then

        

        

          54
          
	DEFAULT_BITS="2048"

          54
          
	DEFAULT_BITS="2048"

        

        

          55
          
fi

          55
          
fi

        

            

              
              
              56
              
DEFAULT_KEY_ENC="$(/usr/sbin/univention-config-registry get ssl/default/key_encryption)"

            

            

              57
              
if [ -z "$DEFAULT_KEY_ENC" ]; then

            

            

              58
              
	DEFAULT_KEY_ENC="aes256"

            

        

          56
          

          59
          

        

        

          57
          
if test -e "$SSLBASE/password"; then

          60
          
if test -e "$SSLBASE/password"; then

        

        

          58
          
	PASSWD=`cat "$SSLBASE/password"`

          61
          
	PASSWD=`cat "$SSLBASE/password"`

        

  

    

    

       Lines 264-270
       
    
  Link Here 
    

  

        

          264
          
	# make the root-CA configuration file

          267
          
	# make the root-CA configuration file

        

        

          265
          
	mk_config openssl.cnf "$PASSWD" "$DEFAULT_DAYS" "$ssl_common"

          268
          
	mk_config openssl.cnf "$PASSWD" "$DEFAULT_DAYS" "$ssl_common"

        

        

          266
          

          269
          

        

          
            

              267
              
	openssl genrsa -des3 -passout pass:"$PASSWD" -out "${CA}/private/CAkey.pem" 2048


              270
              
	openssl genrsa -"$DEFAULT_KEY_ENC" -passout pass:"$PASSWD" -out "${CA}/private/CAkey.pem" "$DEFAULT_BITS"

            

        

          268
          
	openssl req -batch -config openssl.cnf -new -x509 -days "$DEFAULT_DAYS" -key "${CA}/private/CAkey.pem" -out "${CA}/CAcert.pem"

          271
          
	openssl req -batch -config openssl.cnf -new -x509 -days "$DEFAULT_DAYS" -key "${CA}/private/CAkey.pem" -out "${CA}/CAcert.pem"

        

        

          269
          

          272
          

        

        

          270
          
	# copy the public key to a place, from where browsers can access it

          273
          
	# copy the public key to a place, from where browsers can access it

        






  

  Return to bug 37621