Modernize certificate generation

- Use 2048 bit keys (required for modern OpenSSL) - Use SHA256 instead of SHA1 (required for modern OpenSSL) - Add a SubjectAltName to be able to trigger certain edge-cases - Add all.sh to conveniently re-generate certificates
2025-07-13 14:34:23 +02:00 · 2018-11-19 15:56:42 +01:00
parent 550777a9d6
commit 8bcabff0c1
9 changed files with 22 additions and 15 deletions
--- a/samples/certs/rootB.sh
+++ b/samples/certs/rootB.sh
@ -1,7 +1,7 @@
 #!/bin/sh

-openssl req -newkey rsa:1024 -sha1 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch
+openssl req -newkey rsa:2048 -sha256 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch

-openssl x509 -req -in rootBreq.pem -sha1 -extfile ./rootB.cnf -extensions v3_ca -signkey rootBkey.pem -out rootB.pem -days 365
+openssl x509 -req -in rootBreq.pem -sha256 -extfile ./rootB.cnf -extensions v3_ca -signkey rootBkey.pem -out rootB.pem -days 365

 openssl x509 -subject -issuer -noout -in rootB.pem