diff options
author | Yuuta Liang <yuuta@yuuta.moe> | 2023-06-22 14:34:08 -0700 |
---|---|---|
committer | Yuuta Liang <yuuta@yuuta.moe> | 2023-06-22 14:34:08 -0700 |
commit | a369183d0ff5ad8c9cab8a7420c10c8c0d720259 (patch) | |
tree | 4187cd953f7cec107094a420123bdc7f793459aa | |
parent | 9804bddaccda235e11f1dd91c058e3c83c1c10d4 (diff) | |
download | ca-a369183d0ff5ad8c9cab8a7420c10c8c0d720259.tar ca-a369183d0ff5ad8c9cab8a7420c10c8c0d720259.tar.gz ca-a369183d0ff5ad8c9cab8a7420c10c8c0d720259.tar.bz2 ca-a369183d0ff5ad8c9cab8a7420c10c8c0d720259.zip |
Use ECC P-256
-rw-r--r-- | Makefile | 5 | ||||
-rw-r--r-- | ca.cnf | 4 |
2 files changed, 5 insertions, 4 deletions
@@ -36,7 +36,8 @@ ca.crt: -out ca.crt ca.key: - openssl genrsa -aes256 -out ca.key 4096 + # openssl genrsa -aes256 -out ca.key 4096 + openssl ecparam -name P-256 -genkey -out ca.key crlnumber: echo 0000 > crlnumber @@ -44,4 +45,4 @@ crlnumber: reset: echo "!!! THIS WILL RESET EVERYTHING, INCLUDING PRIVATE KEYS !!!" # sleep 5 - rm -rf newcerts serial index.txt* private certs sub.csr crlnumber* ca.crl ca.crt sub.crt + rm -rf newcerts serial index.txt* private certs sub.csr crlnumber* ca.crl ca.crt sub.crt ca.key @@ -23,7 +23,7 @@ crl_extensions = crl_ext default_crl_days = 365 # Cryptography -default_md = sha512 +#default_md = sha512 # Policy name_opt = ca_default @@ -47,7 +47,7 @@ distinguished_name = req_dn string_mask = utf8only # s/sha512/sha256/, according to Jimmy (isrg uses sha256) -default_md = sha256 +#default_md = sha256 x509_extensions = extensions |