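#!/bin/bash -e
# Regenerate SSL keys and certificates

# Re-assert errexit: the -e on the shebang line is dropped when the script is
# started as "bash <script>", and a failed key or certificate step would then
# go unnoticed while the services are restarted anyway.
set -e

# Do nothing when _TURNKEY_INIT is set to a non-empty value.
# NOTE(review): presumably set while TurnKey's own init sequence is running;
# confirm against the caller.
if [ -n "$_TURNKEY_INIT" ]; then
  exit 0
fi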
# Report an error and abort the script.
# Arguments: message words, emitted on one line after a "fatal: " prefix
# Outputs:   the message on stderr, nothing on stdout
# Exits:     status 1 (does not return)
fatal() {
  printf '%s\n' "fatal: $*" >&2
  exit 1
}
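command -v openssl >/dev/null || fatal "openssl is not installed"

echo "Regenerating SSL keys and certificates..."

# A DH group of 2048 bits is recommended to combat FREAK and Logjam, but
# Java 7 clients only support a group size of 1024 bits. A compromise is
# to generate a unique 1024 bit group for each server. This should be
# changed to 2048 when Java 7 support is not needed.
#
# DH_BITS (introduced here, optional) lets a deployment that does not need
# Java 7 clients pick the larger group without editing this script. The
# default stays at 1024 and smaller values are refused.
dh_bits=${DH_BITS:-1024}
case "$dh_bits" in
  *[!0-9]*) fatal "DH_BITS must be a whole number of bits, got '$dh_bits'" ;;
esac
[ "$dh_bits" -ge 1024 ] || fatal "DH_BITS must be at least 1024, got '$dh_bits'"

dh_file=/etc/ssl/private/dhparams.pem

# openssl's progress output is kept off the console, but it is captured so
# that a failure is reported instead of disappearing into /dev/null.
if ! dh_log=$(openssl dhparam -out "$dh_file" "$dh_bits" 2>&1); then
  fatal "openssl dhparam failed for $dh_file: $dh_log"
fi
chmod 400 "$dh_file"

# Use turnkey-make-ssl-cert to generate default server cert
# Stop here on failure so services are not restarted onto a missing or stale
# certificate.
/usr/local/bin/turnkey-make-ssl-cert --default --force-overwrite \
  || fatal "turnkey-make-ssl-cert failed"

# Restart relevant installed services
# NOTE(review): a service counts as installed only when an executable of the
# same name is on PATH; confirm that holds for each name in the list.
for svc in nginx tomcat7 apache2 lighttpd stunnel4; do
  if command -v "$svc" >/dev/null; then
    service "$svc" restart
  fi
done

# final tidy up
update-ca-certificates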