Commit de87c8a4 authored by Leigh Stoller's avatar Leigh Stoller

Start generating 2048 bit keys to make Nick happy (or maybe just

a bit less unhappy).
parent d6973c9c
...@@ -298,7 +298,7 @@ if( defined( $oldkeyfile ) ) { ...@@ -298,7 +298,7 @@ if( defined( $oldkeyfile ) ) {
my $genopts = my $genopts =
($encrypted ? " -passout 'pass:${sh_password}' -des3 " : ""); ($encrypted ? " -passout 'pass:${sh_password}' -des3 " : "");
system("$OPENSSL genrsa $genopts -out syscert_key.pem 1024") system("$OPENSSL genrsa $genopts -out syscert_key.pem 2048")
== 0 or fatal("Could generate new key"); == 0 or fatal("Could generate new key");
system("$OPENSSL req -text -new -config syscert.cnf ". system("$OPENSSL req -text -new -config syscert.cnf ".
......
...@@ -401,7 +401,7 @@ sub CreateNewCert() { ...@@ -401,7 +401,7 @@ sub CreateNewCert() {
my $genopts = my $genopts =
($encrypted ? " -passout 'pass:${sh_password}' -des3 " : ""); ($encrypted ? " -passout 'pass:${sh_password}' -des3 " : "");
system("$OPENSSL genrsa $genopts -out usercert_key.pem 1024") system("$OPENSSL genrsa $genopts -out usercert_key.pem 2048")
== 0 or fatal("Could generate new key"); == 0 or fatal("Could generate new key");
} }
my $reqopts = ($encrypted ? "-passin 'pass:${sh_password}' " : ""); my $reqopts = ($encrypted ? "-passin 'pass:${sh_password}' " : "");
......
# #
# Copyright (c) 2000-2017 University of Utah and the Flux Group. # Copyright (c) 2000-2018 University of Utah and the Flux Group.
# #
# {{{EMULAB-LICENSE # {{{EMULAB-LICENSE
# #
...@@ -159,7 +159,7 @@ emulab_privkey.pem: ...@@ -159,7 +159,7 @@ emulab_privkey.pem:
# Generate a priv key for signing stuff. This one gets a # Generate a priv key for signing stuff. This one gets a
# passphrase. # passphrase.
# #
openssl genrsa -out emulab_privkey.pem -des3 openssl genrsa -out emulab_privkey.pem -des3 2048
emulab_pubkey.pem: emulab_privkey.pem emulab_pubkey.pem: emulab_privkey.pem
# #
...@@ -173,7 +173,7 @@ emulab_pubkey.pem: emulab_privkey.pem ...@@ -173,7 +173,7 @@ emulab_pubkey.pem: emulab_privkey.pem
# by you and writable. # by you and writable.
# #
%.key: %.key:
openssl genrsa -out $@ -rand .rand 1024 openssl genrsa -out $@ -rand .rand 2048
# The point of the this is to recover the keys from where they were # The point of the this is to recover the keys from where they were
# originally installed. We do this cause people often lose their # originally installed. We do this cause people often lose their
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment