diff options
| author | Simon Rettberg | 2017-03-27 15:54:11 +0200 |
|---|---|---|
| committer | Simon Rettberg | 2017-03-27 15:54:11 +0200 |
| commit | bb7e408d758f2859db12ce6baf9f1b428e406658 (patch) | |
| tree | a5864b7271aa9e995c63f457c95d325df6889914 | |
| parent | [LighttpdHttps] Also fix related script (diff) | |
| download | tmlite-bwlp-bb7e408d758f2859db12ce6baf9f1b428e406658.tar.gz tmlite-bwlp-bb7e408d758f2859db12ce6baf9f1b428e406658.tar.xz tmlite-bwlp-bb7e408d758f2859db12ce6baf9f1b428e406658.zip | |
[LighttpdHttps] Update script to generate 2048 bit dh params
| -rwxr-xr-x | scripts/install-https | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/scripts/install-https b/scripts/install-https index a4ea8df..ad77a97 100755 --- a/scripts/install-https +++ b/scripts/install-https @@ -48,6 +48,8 @@ op_import () if [ -s "$CHAIN" ]; then openssl x509 -noout -hash -in "$CHAIN" >/dev/null 2>&1 && cp "$CHAIN" "$CHAINFILE" fi + generate_dh + return 0 } op_random () @@ -56,6 +58,22 @@ op_random () rm -f -- "$CHAINFILE" openssl req -x509 -new -newkey rsa:4096 -keyout "$CERTFILE" -out "$CERTFILE" -days 5000 -nodes -subj "/C=DE/ST=Nowhere/L=Springfield/O=bwLehrpool/CN=$1" || exit 2 chmod 0600 "$CERTFILE" || exit 3 + generate_dh + return 0 +} + +generate_dh () +{ + local DHPARAM="/etc/lighttpd/dhparam.pem" + if ! [ -s "$DHPARAM" ]; then + echo "Generating DH parameters (this takes a while)..." + if openssl dhparam -out "$DHPARAM" 2048 >/dev/null 2>&1; then + echo "done" + else + echo "failed" + rm -f -- "$DHPARAM" + fi + fi } OP=$1 |