Use ECC P-256

2 files changed, 5 insertions, 4 deletions

diff --git a/Makefile b/Makefile
index f4170ba..ce68603 100644
--- a/Makefile
+++ b/Makefile
@@ -36,7 +36,8 @@ ca.crt:
 		-out ca.crt
 
 ca.key:
-	openssl genrsa -aes256 -out ca.key 4096
+	# openssl genrsa -aes256 -out ca.key 4096
+	openssl ecparam -name P-256 -genkey -out ca.key
 
 crlnumber:
 	echo 0000 > crlnumber
@@ -44,4 +45,4 @@ crlnumber:
 reset:
 	echo "!!! THIS WILL RESET EVERYTHING, INCLUDING PRIVATE KEYS !!!"
 	# sleep 5
-	rm -rf newcerts serial index.txt* private certs sub.csr crlnumber* ca.crl ca.crt sub.crt
+	rm -rf newcerts serial index.txt* private certs sub.csr crlnumber* ca.crl ca.crt sub.crt ca.key
diff --git a/ca.cnf b/ca.cnf
index 214fb26..713a6f9 100644
--- a/ca.cnf
+++ b/ca.cnf
@@ -23,7 +23,7 @@ crl_extensions	= crl_ext
 default_crl_days	= 365
 
 # Cryptography
-default_md	= sha512
+#default_md	= sha512
 
 # Policy
 name_opt	= ca_default
@@ -47,7 +47,7 @@ distinguished_name	= req_dn
 string_mask		= utf8only
 
 # s/sha512/sha256/, according to Jimmy (isrg uses sha256)
-default_md		= sha256
+#default_md		= sha256
 
 x509_extensions		= extensions