httpscert: Increase size of the RSA key to 4096.
authorMichael Tremer <michael.tremer@ipfire.org>
Thu, 12 Dec 2013 20:18:56 +0000 (21:18 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Thu, 12 Dec 2013 20:18:56 +0000 (21:18 +0100)
RSA keys with length of 1024 bits are considered weak.

src/scripts/httpscert

index ff48b60..d0e23fa 100644 (file)
@@ -8,7 +8,7 @@ case "$1" in
   new)
        if [ ! -f /etc/httpd/server.key ]; then
                echo "Generating https server key."
-               /usr/bin/openssl genrsa -out /etc/httpd/server.key 1024
+               /usr/bin/openssl genrsa -out /etc/httpd/server.key 4096
        fi
        echo "Generating CSR"
        /bin/cat /etc/certparams | sed "s/HOSTNAME/`hostname -f`/" | /usr/bin/openssl \