X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=blobdiff_plain;f=src%2Fscripts%2Fhttpscert;h=e20f789ed4d8c2e52a9e8bc43f4c5f5c276e1a1b;hp=2c5a928296e4d699ebd005381465505b98752b5c;hb=d9c6f56c2ea171cbc1fa396feb30d2814b9a818d;hpb=65998e0a05463089cb7f6ad29baba5f9ed4fbc69

diff --git a/src/scripts/httpscert b/src/scripts/httpscert
index 2c5a928296..e20f789ed4 100644
--- a/src/scripts/httpscert
+++ b/src/scripts/httpscert
@@ -1,30 +1,22 @@
 #!/bin/sh
 #
-# $Id: httpscert,v 1.1.2.2 2005/12/15 21:59:57 eoberlander Exp $
 # new : generate new certificate
 # read: read issuer in certificate and verify if it is the same as hostname
 
 # See how we were called.
 case "$1" in
   new)
-	# set temporary random file
-	export RANDFILE=/root/.rnd
 	if [ ! -f /etc/httpd/server.key ]; then
 		echo "Generating https server key."
-		/usr/bin/openssl genrsa -rand \
-			/boot/vmlinuz:CONFIG_ROOT/ethernet/settings -out \
-			/etc/httpd/server.key 1024
+		/usr/bin/openssl genrsa -out /etc/httpd/server.key 4096
 	fi
 	echo "Generating CSR"
 	/bin/cat /etc/certparams | sed "s/HOSTNAME/`hostname -f`/" | /usr/bin/openssl \
 		req -new -key /etc/httpd/server.key -out /etc/httpd/server.csr
 	echo "Signing certificate"
-	/usr/bin/openssl x509 -req -days 999999 -in \
+	/usr/bin/openssl x509 -req -days 999999 -sha256 -in \
 		/etc/httpd/server.csr -signkey /etc/httpd/server.key -out \
 		/etc/httpd/server.crt
-	# unset and remove random file
-	export -n RANDFILE
-	rm -f /root/.rnd
  	;;
   read)
 	if [ -f /etc/httpd/server.key -a -f /etc/httpd/server.crt -a -f /etc/httpd/server.csr ]; then