Use sha-512 rather than deprecated sha-1; generate a csr
parent
cba8bbc3fc
commit
b858bc54f9
1 changed files with 11 additions and 3 deletions
|
@ -3,8 +3,11 @@ prefix="@prefix@"
|
||||||
exec_prefix="@exec_prefix@"
|
exec_prefix="@exec_prefix@"
|
||||||
sysconfdir="@sysconfdir@"
|
sysconfdir="@sysconfdir@"
|
||||||
|
|
||||||
echo "Generating self-signed certificate .. "
|
echo "Generating private key and CSR... "
|
||||||
openssl req -x509 -nodes -newkey rsa:1024 -keyout "${sysconfdir}"/ssl.key -out "${sysconfdir}"/ssl.cert
|
openssl req -new -newkey rsa:2048 -nodes -sha512 -out "${sysconfdir}"/ssl.csr -keyout "${sysconfdir}"/ssl.key
|
||||||
|
|
||||||
|
echo "Self-signing certificate..."
|
||||||
|
openssl x509 -req -sha512 -days 365 -in "${sysconfdir}"/ssl.csr -signkey "${sysconfdir}"/ssl.key -out "${sysconfdir}"/ssl.pem
|
||||||
|
|
||||||
echo "Generating Diffie-Hellman file for secure SSL/TLS negotiation .. "
|
echo "Generating Diffie-Hellman file for secure SSL/TLS negotiation .. "
|
||||||
openssl dhparam -out "${sysconfdir}"/dh.pem 2048
|
openssl dhparam -out "${sysconfdir}"/dh.pem 2048
|
||||||
|
@ -22,8 +25,13 @@ cat <<EOF
|
||||||
Now change these lines in the IRCd config file:
|
Now change these lines in the IRCd config file:
|
||||||
|
|
||||||
ssl_private_key = "${relative_sysconfdir}/ssl.key";
|
ssl_private_key = "${relative_sysconfdir}/ssl.key";
|
||||||
ssl_cert = "${relative_sysconfdir}/ssl.cert";
|
ssl_cert = "${relative_sysconfdir}/ssl.pem";
|
||||||
ssl_dh_params = "${relative_sysconfdir}/dh.pem";
|
ssl_dh_params = "${relative_sysconfdir}/dh.pem";
|
||||||
|
|
||||||
|
If you want to get your certificate signed by a certificate authority,
|
||||||
|
submit the ssl.csr file to your CA, then replace ssl.pem with the
|
||||||
|
certificate returned to you. You may need to include your CA's
|
||||||
|
intermediate certificates in signing order.
|
||||||
|
|
||||||
Enjoy using ssl.
|
Enjoy using ssl.
|
||||||
EOF
|
EOF
|
||||||
|
|
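Review bot: The unencrypted private key written by `openssl req -new -newkey rsa:2048 -nodes ... -keyout "${sysconfdir}"/ssl.key` gets no explicit permission handling in the lines shown, so on OpenSSL builds that do not create key files owner-only, its mode follows the caller's umask. Adding `umask 077` before the first openssl call, or `chmod 600 "${sysconfdir}"/ssl.key` right after it, would make the result independent of the environment. The new two-step flow also lets `openssl x509 -req` and the closing config instructions run after a failed or aborted `req` step, unless the script sets `set -e` above the hunk; ending the `req` line with `|| exit 1` would stop that. The top of the script is outside the hunk, so both points should be checked against it.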