Option to set DH key length
parent
4bdf435933
commit
5affb786ea
Binary file not shown.
|
@ -36,6 +36,7 @@ ORGANISATION="Freedombone"
|
|||
UNIT="Freedombone Unit"
|
||||
EXTENSIONS=""
|
||||
NODH=
|
||||
DH_KEYLENGTH=1024
|
||||
|
||||
function show_help {
|
||||
echo ''
|
||||
|
@ -51,6 +52,7 @@ function show_help {
|
|||
echo ' -l --location [locn] Optional location name'
|
||||
echo ' -o --organisation [name] Optional organisation name'
|
||||
echo ' -u --unit [name] Optional unit name'
|
||||
echo ' --dhkey [bits] DH key length in bits'
|
||||
echo ' --nodh "" Do not calculate DH params'
|
||||
echo ' --ca "" Certificate authority cert'
|
||||
echo ''
|
||||
|
@ -98,6 +100,10 @@ case $key in
|
|||
shift
|
||||
NODH="true"
|
||||
;;
|
||||
--dhkey)
|
||||
shift
|
||||
DH_KEYLENGTH=${1}
|
||||
;;
|
||||
*)
|
||||
# unknown option
|
||||
;;
|
||||
|
@ -125,7 +131,7 @@ openssl req -x509 $EXTENSIONS -nodes -days 3650 -sha256 \
|
|||
-newkey rsa:4096 -keyout /etc/ssl/private/$CERTFILE.key \
|
||||
-out /etc/ssl/certs/$CERTFILE.crt
|
||||
if [ ! $NODH ]; then
|
||||
openssl dhparam -check -text -5 1024 -out /etc/ssl/certs/$CERTFILE.dhparam
|
||||
openssl dhparam -check -text -5 $DH_KEYLENGTH -out /etc/ssl/certs/$CERTFILE.dhparam
|
||||
fi
|
||||
chmod 400 /etc/ssl/private/$CERTFILE.key
|
||||
chmod 640 /etc/ssl/certs/$CERTFILE.crt
|
||||
|
|
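Review bot: The value taken by `--dhkey` is never validated: `DH_KEYLENGTH=${1}` is passed unquoted to `openssl dhparam`, so an empty, non-numeric or multi-word argument alters the openssl command line instead of being rejected, and a very small number is accepted as-is. A guard after option parsing such as `case "$DH_KEYLENGTH" in ''|*[!0-9]*) echo 'Invalid --dhkey value' >&2; exit 1 ;; esac`, together with quoting `"$DH_KEYLENGTH"` in the dhparam call, would close that. The default also stays at `DH_KEYLENGTH=1024`, a size generally considered too small for finite-field DH since Logjam; `DH_KEYLENGTH=2048` with a lower bound on user input would be the safer choice. The option-parsing loop and the rest of the `case` are outside the visible hunks, so whether a second `shift` follows the new arm could not be checked.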