From 0de24456360c39f24943fb5e350056f9a10babbe Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sat, 13 Sep 2014 20:16:33 +0100
Subject: [PATCH] Go to sha256 certificates
---
 beaglebone.txt | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/beaglebone.txt b/beaglebone.txt
index 5da52236..5af7278d 100644
--- a/beaglebone.txt
+++ b/beaglebone.txt
@@ -2647,6 +2647,7 @@ UNIT="Freedombone Unit"
 openssl req \
 -x509 -nodes -days 3650 \
+ -sha256 \
 -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
 -newkey rsa:2048 \
 -keyout /etc/ssl/private/$HOSTNAME.key \
@@ -3420,7 +3421,7 @@ Create some ssl certificates:
 #+BEGIN_SRC: bash
 mkdir /home/ircserver/ircd/ssl
 openssl genrsa -out /home/ircserver/ircd/ssl/ircd.key 4096
-openssl req -new -x509 -key /home/ircserver/ircd/ssl/ircd.key -out /home/ircserver/ircd/ssl/ircd.pem -days 3650
+openssl req -new -x509 -sha256 -key /home/ircserver/ircd/ssl/ircd.key -out /home/ircserver/ircd/ssl/ircd.pem -days 3650
 #+END_SRC
 You will be asked for some details. The next step will take a few minutes to gather entropy, so go and do something else.
@@ -4031,7 +4032,7 @@ Generate a SSL certificate.
 #+BEGIN_SRC: bash
 openssl genrsa -out /etc/ssl/private/xmpp.key 4096
-openssl req -new -x509 -key /etc/ssl/private/xmpp.key -out /etc/ssl/certs/xmpp.crt -days 3650
+openssl req -new -x509 -sha256 -key /etc/ssl/private/xmpp.key -out /etc/ssl/certs/xmpp.crt -days 3650
 #+END_SRC
 Change permissions.
@@ -7818,7 +7819,7 @@ Recreate the XMPP certificate:
 #+BEGIN_SRC: bash
 openssl genrsa -out /etc/ssl/private/xmpp.key 4096
-openssl req -new -x509 -key /etc/ssl/private/xmpp.key -out /etc/ssl/certs/xmpp.crt -days 3650
+openssl req -new -sha256 -x509 -key /etc/ssl/private/xmpp.key -out /etc/ssl/certs/xmpp.crt -days 3650
 chmod 600 /etc/ssl/private/xmpp.key
 chmod 600 /etc/ssl/certs/xmpp.crt
 chown prosody:prosody /etc/ssl/private/xmpp.key
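Review bot: Nothing after the new `openssl req -new -x509 -sha256` line in the IRC hunk (@@ -3420) confirms that the resulting certificate is actually SHA-256 signed, so a reader cannot tell a freshly generated certificate from a stale one made with the earlier instructions. I would add a check directly after the command, `openssl x509 -in /home/ircserver/ircd/ssl/ircd.pem -noout -text | grep "Signature Algorithm"`, with a sentence saying it should report sha256WithRSAEncryption. The same check fits the XMPP hunks (@@ -4031 and @@ -7818) with `/etc/ssl/certs/xmpp.crt`. The text could also state that certificates created before this change keep their old signature until they are regenerated.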
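Review bot: The new line in the "Recreate the XMPP certificate" hunk (@@ -7818) writes the options as `-new -sha256 -x509`, while every other hunk in this commit uses `-new -x509 -sha256`. The behaviour is the same, but this block repeats the command from the @@ -4031 hunk and the two copies now differ textually, which makes a later search-and-replace across the guide easy to get wrong. I would keep one order: `openssl req -new -x509 -sha256 -key /etc/ssl/private/xmpp.key -out /etc/ssl/certs/xmpp.crt -days 3650`.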
@@ -7829,7 +7830,7 @@ And regenerate the IRC server keys:
 #+BEGIN_SRC: bash
 openssl genrsa -out /home/ircserver/ircd/ssl/ircd.key 4096
-openssl req -new -x509 -key /home/ircserver/ircd/ssl/ircd.key -out /home/ircserver/ircd/ssl/ircd.pem -days 3650
+openssl req -new -x509 -sha256 -key /home/ircserver/ircd/ssl/ircd.key -out /home/ircserver/ircd/ssl/ircd.pem -days 3650
 openssl dhparam -out /home/ircserver/ircd/ssl/dhparam.pem 1024
 #+END_SRC
@@ -7946,7 +7947,7 @@ mkdir /etc/ssl/requests
 Now make a certificate request as follows. You should copy and paste the whole of this, not just line by line.
 #+BEGIN_SRC: bash
-openssl req -new -key /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/requests/$HOSTNAME.csr
+openssl req -new -sha256 -key /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/requests/$HOSTNAME.csr
 #+END_SRC
 For the email address it's a good idea to use postmaster@mydomainname.
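Review bot: The regenerated IRC certificate in the @@ -7829 hunk is followed in the same block by `openssl dhparam -out /home/ircserver/ircd/ssl/dhparam.pem 1024`, an unchanged context line that this commit leaves in place. A 1024-bit Diffie-Hellman group is much weaker than the 4096-bit RSA key and SHA-256 signature generated just above it, so wherever DHE cipher suites are negotiated the key exchange becomes the weakest part of the TLS setup. I would raise it in the same commit to at least 2048 bits: `openssl dhparam -out /home/ircserver/ircd/ssl/dhparam.pem 2048`. The initial IRC setup section presumably generates DH parameters as well (its text mentions waiting for entropy), but that line is outside the hunks shown and should be checked separately.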
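Review bot: `-sha256` on the CSR line in the @@ -7946 hunk only selects the digest used to sign the request itself; the signature algorithm of the issued certificate is chosen by the CA. The surrounding text should say so, otherwise a reader may assume the returned certificate is SHA-256 signed simply because the request was. I would add a sentence after the block telling the reader to inspect the certificate they receive with `openssl x509 -in <issued-cert> -noout -text`, confirm that the signature algorithm is sha256WithRSAEncryption, and ask the CA to reissue if it is not.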