Use sha-512 rather than deprecated sha-1; generate a csr

Patrick Godschalk 2013-11-19 00:49:01 +01:00
parent cba8bbc3fc
commit b858bc54f9
No known key found for this signature in database
GPG key ID: E048E6B1ECC14594

@ -3,8 +3,11 @@ prefix="@prefix@"
exec_prefix="@exec_prefix@"
sysconfdir="@sysconfdir@"
echo "Generating self-signed certificate .. "
openssl req -x509 -nodes -newkey rsa:1024 -keyout "${sysconfdir}"/ssl.key -out "${sysconfdir}"/ssl.cert
echo "Generating private key and CSR... "
openssl req -new -newkey rsa:2048 -nodes -sha512 -out "${sysconfdir}"/ssl.csr -keyout "${sysconfdir}"/ssl.key
echo "Self-signing certificate..."
openssl x509 -req -sha512 -days 365 -in "${sysconfdir}"/ssl.csr -signkey "${sysconfdir}"/ssl.key -out "${sysconfdir}"/ssl.pem
echo "Generating Diffie-Hellman file for secure SSL/TLS negotiation .. "
openssl dhparam -out "${sysconfdir}"/dh.pem 2048
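Review bot: the new `openssl req -new -newkey rsa:2048 -nodes ... -keyout "${sysconfdir}"/ssl.key` line writes an unencrypted private key, and nothing in this hunk sets its mode, so the result depends on the caller's umask and the OpenSSL build. Consider a `umask 077` before the call or a `chmod 600 "${sysconfdir}"/ssl.key` right after it. Separately, the `openssl x509 -req` step runs regardless of whether the `req` step succeeded; unless `set -e` is in effect above the visible context, a failed or aborted key generation would be followed by a signing attempt against a missing or stale ssl.csr, so chaining the two with `&&` or checking the exit status would be safer. The commit message mentions only the digest change, while this hunk also raises the key size from rsa:1024 to rsa:2048 and renames the output from ssl.cert to ssl.pem; both deserve a line in the message, and existing installs will keep an unused ssl.cert next to the new file.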
@ -22,8 +25,13 @@ cat <<EOF
Now change these lines in the IRCd config file:
ssl_private_key = "${relative_sysconfdir}/ssl.key";
ssl_cert = "${relative_sysconfdir}/ssl.cert";
ssl_cert = "${relative_sysconfdir}/ssl.pem";
ssl_dh_params = "${relative_sysconfdir}/dh.pem";
If you want to get your certificate signed by a certificate authority,
submit the ssl.csr file to your CA, then replace ssl.pem with the
certificate returned to you. You may need to include your CA's
intermediate certificates in signing order.
Enjoy using ssl.
EOF
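Review bot: the added help text says "You may need to include your CA's intermediate certificates in signing order", which does not tell the operator which end of the chain goes first or that everything belongs in the single ssl.pem file the config points at. Suggest spelling it out, for example that ssl.pem should contain the server certificate first, followed by each intermediate up toward the root. It would also help to state that only ssl.csr is sent to the CA and that ssl.key stays on the server. Since `ssl_cert` now points at ssl.pem instead of ssl.cert, a short note for operators upgrading an existing configuration would avoid a config that still references the old file name.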