pakfire: use correct tree on x86_64.
[ipfire-2.x.git] / src / scripts / httpscert
index 2c5a928..e20f789 100644 (file)
@@ -1,30 +1,22 @@
 #!/bin/sh
 #
-# $Id: httpscert,v 1.1.2.2 2005/12/15 21:59:57 eoberlander Exp $
 # new : generate new certificate
 # read: read issuer in certificate and verify if it is the same as hostname
 
 # See how we were called.
 case "$1" in
   new)
-       # set temporary random file
-       export RANDFILE=/root/.rnd
        if [ ! -f /etc/httpd/server.key ]; then
                echo "Generating https server key."
-               /usr/bin/openssl genrsa -rand \
-                       /boot/vmlinuz:CONFIG_ROOT/ethernet/settings -out \
-                       /etc/httpd/server.key 1024
+               /usr/bin/openssl genrsa -out /etc/httpd/server.key 4096
        fi
        echo "Generating CSR"
        /bin/cat /etc/certparams | sed "s/HOSTNAME/`hostname -f`/" | /usr/bin/openssl \
                req -new -key /etc/httpd/server.key -out /etc/httpd/server.csr
        echo "Signing certificate"
-       /usr/bin/openssl x509 -req -days 999999 -in \
+       /usr/bin/openssl x509 -req -days 999999 -sha256 -in \
                /etc/httpd/server.csr -signkey /etc/httpd/server.key -out \
                /etc/httpd/server.crt
-       # unset and remove random file
-       export -n RANDFILE
-       rm -f /root/.rnd
        ;;
   read)
        if [ -f /etc/httpd/server.key -a -f /etc/httpd/server.crt -a -f /etc/httpd/server.csr ]; then