[shibboleth-sp2] 22/89: SSPCPP-686 - Switch to SHA-2 certs and 3072 bit keys on install

Ferenc Wágner wferi at moszumanska.debian.org
Thu Sep 1 09:24:05 UTC 2016


This is an automated email from the git hooks/post-receive script.

wferi pushed a commit to branch master
in repository shibboleth-sp2.

commit b3cd2ffd8a80f30b171b2a1c0a8b6dd5ee787b62
Author: Scott Cantor <cantor.2 at osu.edu>
Date:   Wed May 11 10:41:45 2016 -0400

    SSPCPP-686 - Switch to SHA-2 certs and 3072 bit keys on install
    
    https://issues.shibboleth.net/jira/browse/SSPCPP-686
---
 configs/keygen.bat | 6 +++---
 configs/keygen.sh  | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/configs/keygen.bat b/configs/keygen.bat
index ae223a4..14a5fdb 100644
--- a/configs/keygen.bat
+++ b/configs/keygen.bat
@@ -31,12 +31,12 @@ if not defined FQDN goto guess_fqdn
 :generate
 set PATH=%PATH%;%ProgramFiles%\Shibboleth\SP\lib\
 set CNF="%PREFIX%sp-cert.cnf"
-echo # OpenSSL configuration file for creating sp-cert.pem    >%CNF%
+echo # OpenSSL configuration file for creating keypair       >%CNF%
 echo [req]                                                   >>%CNF%
 echo prompt=no                                               >>%CNF%
-echo default_bits=2048                                       >>%CNF%
+echo default_bits=3072                                       >>%CNF%
 echo encrypt_key=no                                          >>%CNF%
-echo default_md=sha1                                         >>%CNF%
+echo default_md=sha256                                       >>%CNF%
 echo distinguished_name=dn                                   >>%CNF%
 echo # PrintableStrings only                                 >>%CNF%
 echo string_mask=MASK:0002                                   >>%CNF%
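Review bot: `default_bits=3072` and `default_md=sha256` are only defaults in the `[req]` section, so they take effect only if the `openssl req` call that reads this file passes no explicit key size (such as `-newkey rsa:2048`) or digest option on its command line. That call is outside this hunk, and the same applies to the matching hunk in configs/keygen.sh. It is worth confirming both invocations and checking that a freshly generated certificate has a 3072-bit key and a sha256WithRSAEncryption signature. Since the commit title scopes the change to install time, existing deployments presumably keep their 2048-bit/SHA-1 credentials, which the release notes should state. A short rationale in the generated file would also help, e.g. `echo # 3072-bit RSA, SHA-256 per SSPCPP-686 >>%CNF%`.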
diff --git a/configs/keygen.sh b/configs/keygen.sh
index 4ee69f6..002acd9 100755
--- a/configs/keygen.sh
+++ b/configs/keygen.sh
@@ -50,12 +50,12 @@ fi
 
 SSLCNF=$OUT/sp-cert.cnf
 cat >$SSLCNF <<EOF
-# OpenSSL configuration file for creating sp-cert.pem
+# OpenSSL configuration file for creating keypair
 [req]
 prompt=no
-default_bits=2048
+default_bits=3072
 encrypt_key=no
-default_md=sha1
+default_md=sha256
 distinguished_name=dn
 # PrintableStrings only
 string_mask=MASK:0002
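Review bot: With `encrypt_key=no` kept, the new 3072-bit private key is still written to disk unencrypted, and nothing in this hunk shows the script restricting who can read the resulting key file. The rest of keygen.sh is outside the hunk, so this may already be handled. If it is not, a `umask 077` before the key is generated, or a `chmod 600` on the key file afterwards, would keep the key readable only by its owner. Separately, the context line `cat >$SSLCNF <<EOF` breaks when `$OUT` contains spaces; `cat >"$SSLCNF" <<EOF` avoids that.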

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/shibboleth-sp2.git


