1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-11-22 02:17:26 +00:00

ssl: there is no need to use -des3 in key generation if we're just going to remove the passphrase

thanks @konklone for discussion
This commit is contained in:
Joshua Tauberer 2014-05-01 16:47:22 -04:00
parent 532c9aa7fd
commit 74ec3d9696

View File

@ -210,9 +210,7 @@ tools/editconf.py /etc/dovecot/conf.d/10-ssl.conf \
# Create a self-signed certifiate. # Create a self-signed certifiate.
mkdir -p $STORAGE_ROOT/ssl mkdir -p $STORAGE_ROOT/ssl
if [ ! -f $STORAGE_ROOT/ssl/ssl_certificate.pem ]; then if [ ! -f $STORAGE_ROOT/ssl/ssl_certificate.pem ]; then
openssl genrsa -des3 -passout pass:x -out /tmp/server.key 2048 # create key, but it has a password... openssl genrsa -out $STORAGE_ROOT/ssl/ssl_private_key.pem 2048
openssl rsa -passin pass:x -in /tmp/server.key -out $STORAGE_ROOT/ssl/ssl_private_key.pem # remove password and save it to the right location
rm /tmp/server.key # remove temporary password-laden key
openssl req -new -key $STORAGE_ROOT/ssl/ssl_private_key.pem -out $STORAGE_ROOT/ssl/ssl_cert_sign_req.csr \ openssl req -new -key $STORAGE_ROOT/ssl/ssl_private_key.pem -out $STORAGE_ROOT/ssl/ssl_cert_sign_req.csr \
-subj "/C=/ST=/L=/O=/CN=$PUBLIC_HOSTNAME" -subj "/C=/ST=/L=/O=/CN=$PUBLIC_HOSTNAME"
openssl x509 -req -days 365 \ openssl x509 -req -days 365 \