From ebb0c04e406d94603e5bf8fad64d5b01dbb4c443 Mon Sep 17 00:00:00 2001
From: auzias
Date: Fri, 17 Jan 2014 17:11:24 +0100
Subject: [PATCH] mail.sh OK : x10 duration of ssl certificate + double the encryption key
---
 scripts/mail.sh | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/scripts/mail.sh b/scripts/mail.sh
index bea373e9..09151a36 100755
--- a/scripts/mail.sh
+++ b/scripts/mail.sh
@@ -196,16 +196,16 @@ tools/editconf.py /etc/dovecot/conf.d/10-ssl.conf \
 "ssl_key=<$STORAGE_ROOT/ssl/ssl_private_key.pem" \
 
 # SSL CERTIFICATE
-
+
 # Create a self-signed certifiate.
 mkdir -p $STORAGE_ROOT/ssl
 if [ ! -f $STORAGE_ROOT/ssl/ssl_certificate.pem ]; then
- openssl genrsa -des3 -passout pass:x -out /tmp/server.key 2048 # create key, but it has a password...
+ openssl genrsa -des3 -passout pass:x -out /tmp/server.key 4096 # create key, but it has a password...
 openssl rsa -passin pass:x -in /tmp/server.key -out $STORAGE_ROOT/ssl/ssl_private_key.pem # remove password and save it to the right location
 rm /tmp/server.key # remove temporary password-laden key
 openssl req -new -key $STORAGE_ROOT/ssl/ssl_private_key.pem -out $STORAGE_ROOT/ssl/ssl_cert_sign_req.csr \
 -subj "/C=/ST=/L=/O=/CN=$PUBLIC_HOSTNAME"
- openssl x509 -req -days 365 \
+ openssl x509 -req -days 3650 \
 -in $STORAGE_ROOT/ssl/ssl_cert_sign_req.csr -signkey $STORAGE_ROOT/ssl/ssl_private_key.pem -out $STORAGE_ROOT/ssl/ssl_certificate.pem
 fi
 
@@ -227,4 +227,3 @@ service dovecot restart
 ufw allow smtp
 ufw allow submission
 ufw allow imaps
-
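Review bot: The changed `openssl genrsa` line still writes the new 4096-bit key to the fixed path `/tmp/server.key`, protected only by the constant passphrase `pass:x`. The key therefore sits at a predictable location in a world-writable directory until the `rm`, and the decrypted copy is then written to `$STORAGE_ROOT/ssl/ssl_private_key.pem` under whatever umask the script inherits. Since `-days 3650` means this key is relied on for ten years, I would drop the passphrase round-trip and generate it in place with tight permissions, replacing the `genrsa`/`rsa`/`rm` lines with `(umask 077; openssl genrsa -out "$STORAGE_ROOT/ssl/ssl_private_key.pem" 4096)`. The `x509 -req` line also leaves the signature digest to the installed OpenSSL's default; adding `-sha256` would pin it for a certificate meant to last this long. The `$STORAGE_ROOT` expansions throughout the block are unquoted and would break on a path containing spaces.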