Option to set DH key length
parent
4bdf435933
commit
5affb786ea
Binary file not shown.
|
@ -36,6 +36,7 @@ ORGANISATION="Freedombone"
|
||||||
UNIT="Freedombone Unit"
|
UNIT="Freedombone Unit"
|
||||||
EXTENSIONS=""
|
EXTENSIONS=""
|
||||||
NODH=
|
NODH=
|
||||||
|
DH_KEYLENGTH=1024
|
||||||
|
|
||||||
function show_help {
|
function show_help {
|
||||||
echo ''
|
echo ''
|
||||||
|
@ -51,6 +52,7 @@ function show_help {
|
||||||
echo ' -l --location [locn] Optional location name'
|
echo ' -l --location [locn] Optional location name'
|
||||||
echo ' -o --organisation [name] Optional organisation name'
|
echo ' -o --organisation [name] Optional organisation name'
|
||||||
echo ' -u --unit [name] Optional unit name'
|
echo ' -u --unit [name] Optional unit name'
|
||||||
|
echo ' --dhkey [bits] DH key length in bits'
|
||||||
echo ' --nodh "" Do not calculate DH params'
|
echo ' --nodh "" Do not calculate DH params'
|
||||||
echo ' --ca "" Certificate authority cert'
|
echo ' --ca "" Certificate authority cert'
|
||||||
echo ''
|
echo ''
|
||||||
|
@ -98,6 +100,10 @@ case $key in
|
||||||
shift
|
shift
|
||||||
NODH="true"
|
NODH="true"
|
||||||
;;
|
;;
|
||||||
|
--dhkey)
|
||||||
|
shift
|
||||||
|
DH_KEYLENGTH=${1}
|
||||||
|
;;
|
||||||
*)
|
*)
|
||||||
# unknown option
|
# unknown option
|
||||||
;;
|
;;
|
||||||
|
@ -125,7 +131,7 @@ openssl req -x509 $EXTENSIONS -nodes -days 3650 -sha256 \
|
||||||
-newkey rsa:4096 -keyout /etc/ssl/private/$CERTFILE.key \
|
-newkey rsa:4096 -keyout /etc/ssl/private/$CERTFILE.key \
|
||||||
-out /etc/ssl/certs/$CERTFILE.crt
|
-out /etc/ssl/certs/$CERTFILE.crt
|
||||||
if [ ! $NODH ]; then
|
if [ ! $NODH ]; then
|
||||||
openssl dhparam -check -text -5 1024 -out /etc/ssl/certs/$CERTFILE.dhparam
|
openssl dhparam -check -text -5 $DH_KEYLENGTH -out /etc/ssl/certs/$CERTFILE.dhparam
|
||||||
fi
|
fi
|
||||||
chmod 400 /etc/ssl/private/$CERTFILE.key
|
chmod 400 /etc/ssl/private/$CERTFILE.key
|
||||||
chmod 640 /etc/ssl/certs/$CERTFILE.crt
|
chmod 640 /etc/ssl/certs/$CERTFILE.crt
|
||||||
|
|
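Review bot: The new default `DH_KEYLENGTH=1024` in the first hunk keeps 1024-bit Diffie-Hellman parameters as the result of every run that does not pass `--dhkey`, and groups of that size are within reach of precomputation attacks (Logjam), so the default should be `DH_KEYLENGTH=2048` or larger. The `--dhkey` arm also stores `${1}` unchecked and the last hunk expands it unquoted, so a missing or non-numeric value reaches `openssl dhparam` as a malformed argument list, and a small value silently weakens the parameters. Validating the value once before the openssl call, as sketched below, and quoting it as `"$DH_KEYLENGTH"` covers both; the messages and exit status are suggestions to align with the script's own conventions. The `case $key` block and the `openssl req` command begin outside the visible hunks.

```shell
DH_KEYLENGTH=2048
# … unchanged: show_help, option parsing, openssl req …
if [ ! $NODH ]; then
    case "$DH_KEYLENGTH" in
        ''|*[!0-9]*)
            echo 'DH key length must be a whole number of bits' >&2
            exit 1
            ;;
    esac
    if [ "$DH_KEYLENGTH" -lt 2048 ]; then
        echo 'DH key length must be at least 2048 bits' >&2
        exit 1
    fi
    openssl dhparam -check -text -5 "$DH_KEYLENGTH" -out /etc/ssl/certs/$CERTFILE.dhparam
fi
```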