dany/luasec
1
0
Fork 0
mirror of https://github.com/brunoos/luasec.git synced 2025-07-13 14:34:23 +02:00
Code Issues Packages Projects Releases Wiki Activity

Modernize certificate generation

Browse Source 
- Use 2048 bit keys (required for modern OpenSSL)
- Use SHA256 instead of SHA1 (required for modern OpenSSL)
- Add a SubjectAltName to be able to trigger certain edge-cases
- Add all.sh to conveniently re-generate certificates
This commit is contained in:
Jonas Schäfer
2018-11-19 15:56:42 +01:00
parent 550777a9d6
commit 8bcabff0c1
9 changed files with 22 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
samples/certs/clientA.sh
View File

@ -1,9 +1,9 @@
#!/bin/sh
openssl req -newkey rsa:1024 -sha1 -keyout clientAkey.pem -out clientAreq.pem \
openssl req -newkey rsa:2048 -sha256 -keyout clientAkey.pem -out clientAreq.pem \
-nodes -config ./clientA.cnf -days 365 -batch
openssl x509 -req -in clientAreq.pem -sha1 -extfile ./clientA.cnf \
openssl x509 -req -in clientAreq.pem -sha256 -extfile ./clientA.cnf \
-extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial \
-out clientAcert.pem -days 365