Option to set DH key length

Bob Mottram 2015-08-15 09:10:00 +01:00
parent 4bdf435933
commit 5affb786ea
2 changed files with 7 additions and 1 deletions

Binary file not shown.


@ -36,6 +36,7 @@ ORGANISATION="Freedombone"
UNIT="Freedombone Unit"
EXTENSIONS=""
NODH=
DH_KEYLENGTH=1024
function show_help {
echo ''
@ -51,6 +52,7 @@ function show_help {
echo ' -l --location [locn] Optional location name'
echo ' -o --organisation [name] Optional organisation name'
echo ' -u --unit [name] Optional unit name'
echo ' --dhkey [bits] DH key length in bits'
echo ' --nodh "" Do not calculate DH params'
echo ' --ca "" Certificate authority cert'
echo ''
@ -98,6 +100,10 @@ case $key in
shift
NODH="true"
;;
--dhkey)
shift
DH_KEYLENGTH=${1}
;;
*)
# unknown option
;;
@ -125,7 +131,7 @@ openssl req -x509 $EXTENSIONS -nodes -days 3650 -sha256 \
-newkey rsa:4096 -keyout /etc/ssl/private/$CERTFILE.key \
-out /etc/ssl/certs/$CERTFILE.crt
if [ ! $NODH ]; then
openssl dhparam -check -text -5 1024 -out /etc/ssl/certs/$CERTFILE.dhparam
openssl dhparam -check -text -5 $DH_KEYLENGTH -out /etc/ssl/certs/$CERTFILE.dhparam
fi
chmod 400 /etc/ssl/private/$CERTFILE.key
chmod 640 /etc/ssl/certs/$CERTFILE.crt
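Review bot: The value taken by the new `--dhkey` arm is stored with `DH_KEYLENGTH=${1}` and later expanded unquoted in `openssl dhparam -check -text -5 $DH_KEYLENGTH ...`, so an empty, non-numeric or multi-word argument alters the openssl command line instead of being rejected. A digits-only check before use, e.g. `case "$DH_KEYLENGTH" in ''|*[!0-9]*) echo 'Invalid DH key length' >&2; exit 1;; esac`, together with quoting the expansion as `"$DH_KEYLENGTH"`, would close that. The default also stays at `DH_KEYLENGTH=1024`, which is generally regarded as too small for DH parameters and sits oddly next to the 4096-bit RSA key generated just above; `DH_KEYLENGTH=2048` would be a safer default, and the check could refuse anything smaller. The `case $key in` block and the option loop around it start outside the visible hunks.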