From: Peter Müller
Date: Fri, 20 Sep 2024 14:20:19 +0000 (+0000)
Subject: apache: Drop RSA key and certificate generation
X-Git-Tag: v2.29-core190~104
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3b54d0377b75b0afda27904b66040ec38a7b3416;p=ipfire-2.x.git

apache: Drop RSA key and certificate generation

Signed-off-by: Peter Müller
Signed-off-by: Michael Tremer
---

diff --git a/src/initscripts/system/apache b/src/initscripts/system/apache
index e7a62097e1..ba7ede6702 100644
--- a/src/initscripts/system/apache
+++ b/src/initscripts/system/apache
@@ -2,7 +2,7 @@
 ###############################################################################
 # #
 # IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2022 IPFire Team #
+# Copyright (C) 2007-2024 IPFire Team #
 # #
 # This program is free software: you can redistribute it and/or modify #
 # it under the terms of the GNU General Public License as published by #
@@ -25,13 +25,6 @@
 PIDFILE="/var/run/httpd.pid"
 
 generate_certificates() {
- if [ ! -f "/etc/httpd/server.key" ]; then
- boot_mesg "Generating HTTPS RSA server key (this will take a moment)..."
- openssl genrsa -out /etc/httpd/server.key 4096 &>/dev/null
- chmod 600 /etc/httpd/server.key
- evaluate_retval
- fi
-
 if [ ! -f "/etc/httpd/server-ecdsa.key" ]; then
 boot_mesg "Generating HTTPS ECDSA server key..."
 openssl ecparam -genkey -name secp384r1 -noout \
@@ -40,29 +33,12 @@ generate_certificates() {
 evaluate_retval
 fi
 
- # Generate RSA CSR
- if [ ! -f "/etc/httpd/server.csr" ]; then
- sed "s/HOSTNAME/`hostname -f`/" < /etc/certparams | \
- openssl req -new -key /etc/httpd/server.key \
- -out /etc/httpd/server.csr &>/dev/null
- fi
-
- # Generate ECDSA CSR
 if [ ! -f "/etc/httpd/server-ecdsa.csr" ]; then
 sed "s/HOSTNAME/`hostname -f`/" < /etc/certparams | \
 openssl req -new -key /etc/httpd/server-ecdsa.key \
 -out /etc/httpd/server-ecdsa.csr &>/dev/null
 fi
 
- if [ ! -f "/etc/httpd/server.crt" ]; then
- boot_mesg "Signing RSA certificate..."
- openssl x509 -req -days 999999 -sha256 \
- -in /etc/httpd/server.csr \
- -signkey /etc/httpd/server.key \
- -out /etc/httpd/server.crt &>/dev/null
- evaluate_retval
- fi
-
 if [ ! -f "/etc/httpd/server-ecdsa.crt" ]; then
 boot_mesg "Signing ECDSA certificate..."
 openssl x509 -req -days 999999 -sha256 \