free
/
freedombone
Observar 1
Favorito 0
Fork 0
Código Issues 0 Pull Requests 0 Versões 0 Wiki Atividade
Ver código fonte

Go to sha256 certificates

Bob Mottram 11 anos atrás
pai
037f801270
commit
0de2445636
1 arquivos alterados com 6 adições e 5 exclusões
Visão dividida Mostrar estatísticas do Diff
  1. 6
    5
      beaglebone.txt

+ 6
- 5
beaglebone.txt Ver arquivo 

@@ -2647,6 +2647,7 @@ UNIT="Freedombone Unit"
2647 2647
2648 2648 
 openssl req \
2649 2649 
   -x509 -nodes -days 3650 \
2650 
+  -sha256 \
2650 2651 
   -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
2651 2652 
   -newkey rsa:2048 \
2652 2653 
   -keyout /etc/ssl/private/$HOSTNAME.key \
 
@@ -3420,7 +3421,7 @@ Create some ssl certificates:
3420 3421 
 #+BEGIN_SRC: bash
3421 3422 
 mkdir /home/ircserver/ircd/ssl
3422 3423 
 openssl genrsa -out /home/ircserver/ircd/ssl/ircd.key 4096
3423 
-openssl req -new -x509 -key /home/ircserver/ircd/ssl/ircd.key -out /home/ircserver/ircd/ssl/ircd.pem -days 3650
3424 
+openssl req -new -x509 -sha256 -key /home/ircserver/ircd/ssl/ircd.key -out /home/ircserver/ircd/ssl/ircd.pem -days 3650
3424 3425 
 #+END_SRC
3425 3426
3426 3427 
 You will be asked for some details. The next step will take a few minutes to gather entropy, so go and do something else.
 
@@ -4031,7 +4032,7 @@ Generate a SSL certificate.
4031 4032
4032 4033 
 #+BEGIN_SRC: bash
4033 4034 
 openssl genrsa -out /etc/ssl/private/xmpp.key 4096
4034 
-openssl req -new -x509 -key /etc/ssl/private/xmpp.key -out /etc/ssl/certs/xmpp.crt -days 3650
4035 
+openssl req -new -x509 -sha256 -key /etc/ssl/private/xmpp.key -out /etc/ssl/certs/xmpp.crt -days 3650
4035 4036 
 #+END_SRC
4036 4037
4037 4038 
 Change permissions.
 
@@ -7818,7 +7819,7 @@ Recreate the XMPP certificate:
7818 7819
7819 7820 
 #+BEGIN_SRC: bash
7820 7821 
 openssl genrsa -out /etc/ssl/private/xmpp.key 4096
7821 
-openssl req -new -x509 -key /etc/ssl/private/xmpp.key -out /etc/ssl/certs/xmpp.crt -days 3650
7822 
+openssl req -new -sha256 -x509 -key /etc/ssl/private/xmpp.key -out /etc/ssl/certs/xmpp.crt -days 3650
7822 7823 
 chmod 600 /etc/ssl/private/xmpp.key
7823 7824 
 chmod 600 /etc/ssl/certs/xmpp.crt
7824 7825 
 chown prosody:prosody /etc/ssl/private/xmpp.key
 
@@ -7829,7 +7830,7 @@ And regenerate the IRC server keys:
7829 7830
7830 7831 
 #+BEGIN_SRC: bash
7831 7832 
 openssl genrsa -out /home/ircserver/ircd/ssl/ircd.key 4096
7832 
-openssl req -new -x509 -key /home/ircserver/ircd/ssl/ircd.key -out /home/ircserver/ircd/ssl/ircd.pem -days 3650
7833 
+openssl req -new -x509 -sha256 -key /home/ircserver/ircd/ssl/ircd.key -out /home/ircserver/ircd/ssl/ircd.pem -days 3650
7833 7834 
 openssl dhparam -out /home/ircserver/ircd/ssl/dhparam.pem 1024
7834 7835 
 #+END_SRC
7835 7836 
 
@@ -7946,7 +7947,7 @@ mkdir /etc/ssl/requests
7946 7947 
 Now make a certificate request as follows.  You should copy and paste the whole of this, not just line by line.
7947 7948
7948 7949 
 #+BEGIN_SRC: bash
7949 
-openssl req -new -key /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/requests/$HOSTNAME.csr
7950 
+openssl req -new -sha256 -key /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/requests/$HOSTNAME.csr
7950 7951 
 #+END_SRC
7951 7952
7952 7953 
 For the email address it's a good idea to use postmaster@mydomainname.