free
/
freedombone
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Go to sha256 certificates

Bob Mottram 10 years ago
parent
037f801270
commit
0de2445636
1 changed files with 6 additions and 5 deletions
Unified View Show Diff Stats
  1. 6
    5
      beaglebone.txt

+ 6
- 5
beaglebone.txt View File

2647
2647
2648 
 openssl req \
 2648 
 openssl req \
2649 
   -x509 -nodes -days 3650 \
 2649 
   -x509 -nodes -days 3650 \
2650 
+  -sha256 \
2650 
   -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
 2651 
   -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
2651 
   -newkey rsa:2048 \
 2652 
   -newkey rsa:2048 \
2652 
   -keyout /etc/ssl/private/$HOSTNAME.key \
 2653 
   -keyout /etc/ssl/private/$HOSTNAME.key \
3420 
 #+BEGIN_SRC: bash
 3421 
 #+BEGIN_SRC: bash
3421 
 mkdir /home/ircserver/ircd/ssl
 3422 
 mkdir /home/ircserver/ircd/ssl
3422 
 openssl genrsa -out /home/ircserver/ircd/ssl/ircd.key 4096
 3423 
 openssl genrsa -out /home/ircserver/ircd/ssl/ircd.key 4096
3423 
-openssl req -new -x509 -key /home/ircserver/ircd/ssl/ircd.key -out /home/ircserver/ircd/ssl/ircd.pem -days 3650
3424 
+openssl req -new -x509 -sha256 -key /home/ircserver/ircd/ssl/ircd.key -out /home/ircserver/ircd/ssl/ircd.pem -days 3650
3424 
 #+END_SRC
 3425 
 #+END_SRC
3425
3426
3426 
 You will be asked for some details. The next step will take a few minutes to gather entropy, so go and do something else.
 3427 
 You will be asked for some details. The next step will take a few minutes to gather entropy, so go and do something else.
4031
4032
4032 
 #+BEGIN_SRC: bash
 4033 
 #+BEGIN_SRC: bash
4033 
 openssl genrsa -out /etc/ssl/private/xmpp.key 4096
 4034 
 openssl genrsa -out /etc/ssl/private/xmpp.key 4096
4034 
-openssl req -new -x509 -key /etc/ssl/private/xmpp.key -out /etc/ssl/certs/xmpp.crt -days 3650
4035 
+openssl req -new -x509 -sha256 -key /etc/ssl/private/xmpp.key -out /etc/ssl/certs/xmpp.crt -days 3650
4035 
 #+END_SRC
 4036 
 #+END_SRC
4036
4037
4037 
 Change permissions.
 4038 
 Change permissions.
7818
7819
7819 
 #+BEGIN_SRC: bash
 7820 
 #+BEGIN_SRC: bash
7820 
 openssl genrsa -out /etc/ssl/private/xmpp.key 4096
 7821 
 openssl genrsa -out /etc/ssl/private/xmpp.key 4096
7821 
-openssl req -new -x509 -key /etc/ssl/private/xmpp.key -out /etc/ssl/certs/xmpp.crt -days 3650
7822 
+openssl req -new -sha256 -x509 -key /etc/ssl/private/xmpp.key -out /etc/ssl/certs/xmpp.crt -days 3650
7822 
 chmod 600 /etc/ssl/private/xmpp.key
 7823 
 chmod 600 /etc/ssl/private/xmpp.key
7823 
 chmod 600 /etc/ssl/certs/xmpp.crt
 7824 
 chmod 600 /etc/ssl/certs/xmpp.crt
7824 
 chown prosody:prosody /etc/ssl/private/xmpp.key
 7825 
 chown prosody:prosody /etc/ssl/private/xmpp.key
7829
7830
7830 
 #+BEGIN_SRC: bash
 7831 
 #+BEGIN_SRC: bash
7831 
 openssl genrsa -out /home/ircserver/ircd/ssl/ircd.key 4096
 7832 
 openssl genrsa -out /home/ircserver/ircd/ssl/ircd.key 4096
7832 
-openssl req -new -x509 -key /home/ircserver/ircd/ssl/ircd.key -out /home/ircserver/ircd/ssl/ircd.pem -days 3650
7833 
+openssl req -new -x509 -sha256 -key /home/ircserver/ircd/ssl/ircd.key -out /home/ircserver/ircd/ssl/ircd.pem -days 3650
7833 
 openssl dhparam -out /home/ircserver/ircd/ssl/dhparam.pem 1024
 7834 
 openssl dhparam -out /home/ircserver/ircd/ssl/dhparam.pem 1024
7834 
 #+END_SRC
 7835 
 #+END_SRC
7835
7836
7946 
 Now make a certificate request as follows.  You should copy and paste the whole of this, not just line by line.
 7947 
 Now make a certificate request as follows.  You should copy and paste the whole of this, not just line by line.
7947
7948
7948 
 #+BEGIN_SRC: bash
 7949 
 #+BEGIN_SRC: bash
7949 
-openssl req -new -key /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/requests/$HOSTNAME.csr
7950 
+openssl req -new -sha256 -key /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/requests/$HOSTNAME.csr
7950 
 #+END_SRC
 7951 
 #+END_SRC
7951
7952
7952 
 For the email address it's a good idea to use postmaster@mydomainname.
 7953 
 For the email address it's a good idea to use postmaster@mydomainname.