Raise key size as newer OpenSSL requires (#776)

aio-libs · Aug 18, 2021 · 04ca511 · 04ca511
1 parent e3701a6
commit 04ca511
Showing 1 changed file with 13 additions and 13 deletions.
diff --git a/gen-ssl-certs.sh b/gen-ssl-certs.sh
@@ -32,7 +32,7 @@ L=NN
 O=NN
 OU=NN
 CN="$HOST"
- 
+
 
 # Password
 PASS="abcdefgh"
@@ -74,30 +74,30 @@ $C
 yes
 yes
 EOF
-	
+
     #Step 2
     echo "############ Adding CA"
     keytool -storepass "$PASS" -keypass "$PASS" -keystore ${PFX}server.truststore.jks -alias CARoot -import -file $CA_CERT <<EOF
 yes
 EOF
-    
+
     #Step 3
     echo "############ Export certificate"
     keytool -storepass "$PASS" -keypass "$PASS" -keystore ${PFX}server.keystore.jks -alias localhost -certreq -file ${PFX}cert-file
 
     echo "############ Sign certificate"
     openssl x509 -req -CA $CA_CERT -CAkey ${CA_CERT}.key -in ${PFX}cert-file -out ${PFX}cert-signed -days $VALIDITY -CAcreateserial -passin "pass:$PASS"
-    
-    
+
+
     echo "############ Import CA"
     keytool -storepass "$PASS" -keypass "$PASS" -keystore ${PFX}server.keystore.jks -alias CARoot -import -file $CA_CERT <<EOF
 yes
 EOF
-    
+
     echo "############ Import signed CA"
-    keytool -storepass "$PASS" -keypass "$PASS" -keystore ${PFX}server.keystore.jks -alias localhost -import -file ${PFX}cert-signed    
+    keytool -storepass "$PASS" -keypass "$PASS" -keystore ${PFX}server.keystore.jks -alias localhost -import -file ${PFX}cert-signed
+
 
-
 elif [[ $OP == "client" && ! -z "$CA_CERT" && ! -z "$PFX" && ! -z "$CN" ]]; then
 
     if [[ $USE_KEYTOOL == 1 ]]; then
@@ -122,7 +122,7 @@ EOF
 	keytool -storepass "$PASS" -keystore ${PFX}client.keystore.jks -alias localhost -certreq -file ${PFX}cert-file
 
 	echo "########### Sign certificate"
-	openssl x509 -req -CA ${CA_CERT} -CAkey ${CA_CERT}.key -in ${PFX}cert-file -out ${PFX}cert-signed -days $VALIDITY -CAcreateserial -passin pass:$PASS	
+	openssl x509 -req -CA ${CA_CERT} -CAkey ${CA_CERT}.key -in ${PFX}cert-file -out ${PFX}cert-signed -days $VALIDITY -CAcreateserial -passin pass:$PASS
 
 	echo "########### Import CA"
 	keytool -storepass "$PASS" -keypass "$PASS" -keystore ${PFX}client.keystore.jks -alias CARoot -import -file ${CA_CERT} <<EOF
@@ -135,8 +135,8 @@ EOF
     else
 	# Standard OpenSSL keys
 	echo "############ Generating key"
-	openssl genrsa -des3 -passout "pass:$PASS" -out ${PFX}client.key 2048
-	
+	openssl genrsa -des3 -passout "pass:$PASS" -out ${PFX}client.key 3072
+
 	echo "############ Generating request"
 	openssl req -passin "pass:$PASS" -passout "pass:$PASS" -key ${PFX}client.key -new -out ${PFX}client.req \
 		<<EOF
@@ -156,8 +156,8 @@ EOF
 
     fi
 
-    
-    
+
+
 
 else
     echo "Usage: $0 ca <ca-cert-file> <CN>"