From 6fdb9be69e9d53234f0d101c76636e06c5d4d6cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stanis=C5=82aw=20Pitucha?= Date: Fri, 6 May 2016 16:27:01 +1000 Subject: [PATCH] Force a recent hash in examples On some systems openssl still defaults to sha1 in new certificate requests, which is rejected by Anchor. Force sha256 in all examples instead. Change-Id: I0c673392c7f6badd7d66c307ace594b1d711674d --- README.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.rst b/README.rst index 049ac90..5f4a3be 100644 --- a/README.rst +++ b/README.rst @@ -93,14 +93,15 @@ can be done to create a test CA. The test certificate can be then used to sign the new certificates. openssl req -out CA/root-ca.crt -keyout CA/root-ca-unwrapped.key \ - -newkey rsa:4096 -subj "/CN=Anchor Test CA" -nodes -x509 -days 365 + -newkey rsa:4096 -subj "/CN=Anchor Test CA" -nodes -x509 -days 365 \ + -sha256 chmod 0400 CA/root-ca-unwrapped.key Next, a new certificate request may be generated: openssl req -out anchor-test.example.com.csr -nodes \ -keyout anchor-test.example.com.key -newkey rsa:2048 \ - -subj "/CN=anchor-test.example.com" + -subj "/CN=anchor-test.example.com" -sha256 That reqest can be submitted using curl (while `pecan serve config.py` is running):