Ashiq5
e6657d6ebe
Added key rollover code.
2020-11-04 20:25:25 +06:00
Michael Kroes
a52c56e571
only set the CN field when generating initial CSR to prevent issues with the php7 ppa version of openssl (#1223)
OpenSSL 1.1.0f now validates the other subject fields and rejects the empty string (for the country?) because it isn't two characters.
2017-07-30 08:11:39 -04:00
Joshua Tauberer
d53332b7cf
drop the CSR_COUNTRY setting and ask within the control panel
2015-12-26 11:48:23 -05:00
Joshua Tauberer
c422543fdd
make the system SSL certificate a symlink so we never have to replace a certificate file, and flatten the directory structure of user-installed certificates
2015-11-29 02:02:01 +00:00
Joshua Tauberer
bbf78716fd
during setup suppress the status line about generating an SSL certificate if we already have it
2015-11-19 07:00:33 -05:00
Joshua Tauberer
b9820641aa
when generating the initial self-signed cert, don't keep the CSR - it has no use after this step
2015-11-19 07:00:33 -05:00
Joshua Tauberer
e8264e9b6a
ensure /dev/urandom is seeded with a blocking call to /dev/random and using Ubuntu's pollinate servers
2015-11-19 07:00:33 -05:00
Joshua Tauberer
4f2b223070
add comments about how openssl generates random numbers for genrsa and what could create a perfect storm to make the key not random
see #596
2015-11-19 07:00:32 -05:00
Joshua Tauberer
73fbcd7fa3
silence all of the installing/already installed package messages on installation
Querying dpkg for each package is slow, and we have way too much output on installation because of it.
2015-08-19 15:58:35 -04:00
pierreozoux
f6d4621834
Typo
2015-01-29 17:03:20 +00:00
Joshua Tauberer
5fd107cae5
more work on making the bash scripts readable
2014-10-04 17:57:26 -04:00
Joshua Tauberer
39bca053ed
add 2048 bits of DH params for nginx, postfix, dovecot
nginx/postfix use a new pre-generated dh2048.pem file. dovecot generates the bits on its own.
ssllabs.com reports that TLS_DHE ciphers went from 1024 to 2048 bits as expected. The ECDHE ciphers remain at 256 bits --- no idea what that really means. (This tests nginx only. I haven't tested postfix/dovecot.)
see https://discourse.mailinabox.email/t/fips-ready-for-ssl-dhec-key-exchange/76/3
2014-09-26 22:09:22 +00:00
Joshua Tauberer
9d40a12f44
first pass at making readable documentation by parsing the bash scripts
2014-09-21 13:43:31 -04:00
Joshua Tauberer
6e3b04ce83
when generating SSL CSRs, using SHA256 as SHA1 is being phased out, per @konklone
2014-08-23 17:49:33 -04:00
Joshua Tauberer
b30d7ad80a
web-based administrative UI
closes #19
2014-08-17 22:46:06 +00:00
Joshua Tauberer
6619239280
the SSL private key would be overwritten if ssl_certificate.pem file was deleted; maybe the cause of #98
2014-07-28 15:38:23 -04:00
Joshua Tauberer
023cd12e1a
hide lots of unnecessary and scary output during setup
2014-07-16 09:36:56 -04:00
h8h
9b887d2e63
Use $STORAGE_ROOT
Better to use $STORAGE_ROOT instead of hardcoded /home/user-data/
2014-07-16 15:33:40 +02:00
Joshua Tauberer
fed5959288
s/PUBLIC_HOSTNAME/PRIMARY_HOSTNAME/ throughout
2014-06-30 09:15:36 -04:00
Joshua Tauberer
67d31ed998
move the SSL setup into its own bash script since it is used for much more than email now
2014-06-21 22:16:46 +00:00