ssl: there is no need to use -des3 in key generation if we're just going to remove the passphrase

thanks @konklone for discussion
2014-05-01 16:47:22 -04:00 · 2014-05-01 16:47:22 -04:00 · 74ec3d9696
parent 532c9aa7fd
commit 74ec3d9696
1 changed files with 1 additions and 3 deletions
--- a/scripts/mail.sh
+++ b/scripts/mail.sh
@ -210,9 +210,7 @@ tools/editconf.py /etc/dovecot/conf.d/10-ssl.conf \
 # Create a self-signed certifiate.
 mkdir -p $STORAGE_ROOT/ssl
 if [ ! -f $STORAGE_ROOT/ssl/ssl_certificate.pem ]; then
-	openssl genrsa -des3 -passout pass:x -out /tmp/server.key 2048 # create key, but it has a password...
-	openssl rsa -passin pass:x -in /tmp/server.key -out $STORAGE_ROOT/ssl/ssl_private_key.pem # remove password and save it to the right location
-	rm /tmp/server.key # remove temporary password-laden key
+	openssl genrsa -out $STORAGE_ROOT/ssl/ssl_private_key.pem 2048
 	openssl req -new -key $STORAGE_ROOT/ssl/ssl_private_key.pem -out $STORAGE_ROOT/ssl/ssl_cert_sign_req.csr \
 	  -subj "/C=/ST=/L=/O=/CN=$PUBLIC_HOSTNAME"
 	openssl x509 -req -days 365 \