Go to sha256 certificates
This commit is contained in:
parent
037f801270
commit
0de2445636
|
@ -2647,6 +2647,7 @@ UNIT="Freedombone Unit"
|
||||||
|
|
||||||
openssl req \
|
openssl req \
|
||||||
-x509 -nodes -days 3650 \
|
-x509 -nodes -days 3650 \
|
||||||
|
-sha256 \
|
||||||
-subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
|
-subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
|
||||||
-newkey rsa:2048 \
|
-newkey rsa:2048 \
|
||||||
-keyout /etc/ssl/private/$HOSTNAME.key \
|
-keyout /etc/ssl/private/$HOSTNAME.key \
|
||||||
|
@ -3420,7 +3421,7 @@ Create some ssl certificates:
|
||||||
#+BEGIN_SRC: bash
|
#+BEGIN_SRC: bash
|
||||||
mkdir /home/ircserver/ircd/ssl
|
mkdir /home/ircserver/ircd/ssl
|
||||||
openssl genrsa -out /home/ircserver/ircd/ssl/ircd.key 4096
|
openssl genrsa -out /home/ircserver/ircd/ssl/ircd.key 4096
|
||||||
openssl req -new -x509 -key /home/ircserver/ircd/ssl/ircd.key -out /home/ircserver/ircd/ssl/ircd.pem -days 3650
|
openssl req -new -x509 -sha256 -key /home/ircserver/ircd/ssl/ircd.key -out /home/ircserver/ircd/ssl/ircd.pem -days 3650
|
||||||
#+END_SRC
|
#+END_SRC
|
||||||
|
|
||||||
You will be asked for some details. The next step will take a few minutes to gather entropy, so go and do something else.
|
You will be asked for some details. The next step will take a few minutes to gather entropy, so go and do something else.
|
||||||
|
@ -4031,7 +4032,7 @@ Generate a SSL certificate.
|
||||||
|
|
||||||
#+BEGIN_SRC: bash
|
#+BEGIN_SRC: bash
|
||||||
openssl genrsa -out /etc/ssl/private/xmpp.key 4096
|
openssl genrsa -out /etc/ssl/private/xmpp.key 4096
|
||||||
openssl req -new -x509 -key /etc/ssl/private/xmpp.key -out /etc/ssl/certs/xmpp.crt -days 3650
|
openssl req -new -x509 -sha256 -key /etc/ssl/private/xmpp.key -out /etc/ssl/certs/xmpp.crt -days 3650
|
||||||
#+END_SRC
|
#+END_SRC
|
||||||
|
|
||||||
Change permissions.
|
Change permissions.
|
||||||
|
@ -7818,7 +7819,7 @@ Recreate the XMPP certificate:
|
||||||
|
|
||||||
#+BEGIN_SRC: bash
|
#+BEGIN_SRC: bash
|
||||||
openssl genrsa -out /etc/ssl/private/xmpp.key 4096
|
openssl genrsa -out /etc/ssl/private/xmpp.key 4096
|
||||||
openssl req -new -x509 -key /etc/ssl/private/xmpp.key -out /etc/ssl/certs/xmpp.crt -days 3650
|
openssl req -new -sha256 -x509 -key /etc/ssl/private/xmpp.key -out /etc/ssl/certs/xmpp.crt -days 3650
|
||||||
chmod 600 /etc/ssl/private/xmpp.key
|
chmod 600 /etc/ssl/private/xmpp.key
|
||||||
chmod 600 /etc/ssl/certs/xmpp.crt
|
chmod 600 /etc/ssl/certs/xmpp.crt
|
||||||
chown prosody:prosody /etc/ssl/private/xmpp.key
|
chown prosody:prosody /etc/ssl/private/xmpp.key
|
||||||
|
@ -7829,7 +7830,7 @@ And regenerate the IRC server keys:
|
||||||
|
|
||||||
#+BEGIN_SRC: bash
|
#+BEGIN_SRC: bash
|
||||||
openssl genrsa -out /home/ircserver/ircd/ssl/ircd.key 4096
|
openssl genrsa -out /home/ircserver/ircd/ssl/ircd.key 4096
|
||||||
openssl req -new -x509 -key /home/ircserver/ircd/ssl/ircd.key -out /home/ircserver/ircd/ssl/ircd.pem -days 3650
|
openssl req -new -x509 -sha256 -key /home/ircserver/ircd/ssl/ircd.key -out /home/ircserver/ircd/ssl/ircd.pem -days 3650
|
||||||
openssl dhparam -out /home/ircserver/ircd/ssl/dhparam.pem 1024
|
openssl dhparam -out /home/ircserver/ircd/ssl/dhparam.pem 1024
|
||||||
#+END_SRC
|
#+END_SRC
|
||||||
|
|
||||||
|
@ -7946,7 +7947,7 @@ mkdir /etc/ssl/requests
|
||||||
Now make a certificate request as follows. You should copy and paste the whole of this, not just line by line.
|
Now make a certificate request as follows. You should copy and paste the whole of this, not just line by line.
|
||||||
|
|
||||||
#+BEGIN_SRC: bash
|
#+BEGIN_SRC: bash
|
||||||
openssl req -new -key /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/requests/$HOSTNAME.csr
|
openssl req -new -sha256 -key /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/requests/$HOSTNAME.csr
|
||||||
#+END_SRC
|
#+END_SRC
|
||||||
|
|
||||||
For the email address it's a good idea to use postmaster@mydomainname.
|
For the email address it's a good idea to use postmaster@mydomainname.
|
||||||
|
|
Loading…
Reference in New Issue