Update scripts to use fips allowed algorithms
The OpenSSL genrsa command is deprecated in favor of genpkey, and fails in FIPS mode.
Update the relevant calls to use genpkey instead.
Change-Id: I1aab9faa8afe845e445e620d1800785d2e19ad1e
(cherry picked from commit 36a642d9d0
)
parent
4039d35ce2
commit
58eac3d91f
@ -44,7 +44,7 @@ touch index.txt
|
||||
echo 1000 > serial
|
||||
|
||||
# Create the client CA private key
|
||||
openssl genrsa -aes128 -out private/ca.key.pem -passout pass:not-secure-passphrase 2048
|
||||
openssl genpkey -algorithm RSA -out private/ca.key.pem -aes-128-cbc -pass pass:not-secure-passphrase
|
||||
chmod 400 private/ca.key.pem
|
||||
|
||||
# Create the client CA root certificate
|
||||
@ -58,7 +58,7 @@ touch intermediate_ca/index.txt
|
||||
echo 1000 > intermediate_ca/serial
|
||||
|
||||
# Create the client intermediate CA private key
|
||||
openssl genrsa -aes128 -out intermediate_ca/private/intermediate.ca.key.pem -passout pass:not-secure-passphrase 2048
|
||||
openssl genpkey -algorithm RSA -out intermediate_ca/private/intermediate.ca.key.pem -aes-128-cbc -pass pass:not-secure-passphrase
|
||||
chmod 400 intermediate_ca/private/intermediate.ca.key.pem
|
||||
|
||||
# Create the client intermediate CA certificate signing request
|
||||
@ -71,7 +71,7 @@ openssl ca -config ../../openssl.cnf -name CA_intermediate -extensions v3_interm
|
||||
cat intermediate_ca/certs/intermediate.cert.pem certs/ca.cert.pem > intermediate_ca/ca-chain.cert.pem
|
||||
|
||||
###### Create the client key and certificate
|
||||
openssl genrsa -aes128 -out intermediate_ca/private/controller.key.pem -passout pass:not-secure-passphrase 2048
|
||||
openssl genpkey -algorithm RSA -out intermediate_ca/private/controller.key.pem -aes-128-cbc -pass pass:not-secure-passphrase
|
||||
chmod 400 intermediate_ca/private/controller.key.pem
|
||||
|
||||
# Create the client controller certificate signing request
|
||||
@ -103,7 +103,7 @@ touch index.txt
|
||||
echo 1000 > serial
|
||||
|
||||
# Create the server CA private key
|
||||
openssl genrsa -aes128 -out private/ca.key.pem -passout pass:not-secure-passphrase 2048
|
||||
openssl genpkey -algorithm RSA -out private/ca.key.pem -aes-128-cbc -pass pass:not-secure-passphrase
|
||||
chmod 400 private/ca.key.pem
|
||||
|
||||
# Create the server CA root certificate
|
||||
@ -117,7 +117,7 @@ touch intermediate_ca/index.txt
|
||||
echo 1000 > intermediate_ca/serial
|
||||
|
||||
# Create the server intermediate CA private key
|
||||
openssl genrsa -aes128 -out intermediate_ca/private/intermediate.ca.key.pem -passout pass:not-secure-passphrase 2048
|
||||
openssl genpkey -algorithm RSA -out intermediate_ca/private/intermediate.ca.key.pem -aes-128-cbc -pass pass:not-secure-passphrase
|
||||
chmod 400 intermediate_ca/private/intermediate.ca.key.pem
|
||||
|
||||
# Create the server intermediate CA certificate signing request
|
||||
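Review bot: The new `openssl genpkey -algorithm RSA ...` lines in this file no longer state a key size, whereas the `genrsa` lines they replace asked for 2048 bits explicitly, so every key generated here (client CA, client intermediate CA, controller, server CA, server intermediate CA) gets whatever default the installed OpenSSL picks. Current releases default to 2048 bits, but older ones are believed to default lower, so the size should be pinned: `openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out private/ca.key.pem -aes-128-cbc -pass pass:not-secure-passphrase`. The same applies to the three genpkey lines in the next file section (hunks at -44, -58 and -71). The documentation hunks in this commit already pass `-pkeyopt rsa_keygen_bits:`, so pinning the size here would also keep the scripts and the guide consistent.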
|
@ -44,7 +44,7 @@ touch index.txt
|
||||
echo 1000 > serial
|
||||
|
||||
# Create the client CA private key
|
||||
openssl genrsa -aes128 -out private/ca.key.pem -passout pass:not-secure-passphrase 2048
|
||||
openssl genpkey -algorithm RSA -out private/ca.key.pem -aes-128-cbc -pass pass:not-secure-passphrase
|
||||
chmod 400 private/ca.key.pem
|
||||
|
||||
# Create the client CA root certificate
|
||||
@ -58,7 +58,7 @@ touch intermediate_ca/index.txt
|
||||
echo 1000 > intermediate_ca/serial
|
||||
|
||||
# Create the client intermediate CA private key
|
||||
openssl genrsa -aes128 -out intermediate_ca/private/intermediate.ca.key.pem -passout pass:not-secure-passphrase 2048
|
||||
openssl genpkey -algorithm RSA -out intermediate_ca/private/intermediate.ca.key.pem -aes-128-cbc -pass pass:not-secure-passphrase
|
||||
chmod 400 intermediate_ca/private/intermediate.ca.key.pem
|
||||
|
||||
# Create the client intermediate CA certificate signing request
|
||||
@ -71,7 +71,7 @@ openssl ca -config ../../openssl.cnf -name CA_intermediate -extensions v3_interm
|
||||
cat intermediate_ca/certs/intermediate.cert.pem certs/ca.cert.pem > intermediate_ca/ca-chain.cert.pem
|
||||
|
||||
###### Create the client key and certificate
|
||||
openssl genrsa -aes128 -out intermediate_ca/private/controller.key.pem -passout pass:not-secure-passphrase 2048
|
||||
openssl genpkey -algorithm RSA -out intermediate_ca/private/controller.key.pem -aes-128-cbc -pass pass:not-secure-passphrase
|
||||
chmod 400 intermediate_ca/private/controller.key.pem
|
||||
|
||||
# Create the client controller certificate signing request
|
||||
|
@ -142,7 +142,7 @@ can be used to create the required certificates.
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
$ openssl genrsa -aes256 -out private/ca.key.pem 4096
|
||||
$ openssl genpkey -algorithm RSA -out private/ca.key.pem -aes-128-cbc -pkeyopt rsa_keygen_bits:4096
|
||||
$ chmod 400 private/ca.key.pem
|
||||
|
||||
7. Create the `server` CA certificate.
|
||||
@ -174,7 +174,7 @@ can be used to create the required certificates.
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
$ openssl genrsa -aes256 -out private/ca.key.pem 4096
|
||||
$ openssl genpkey -algorithm RSA -out private/ca.key.pem -aes-128-cbc -pkeyopt rsa_keygen_bits:4096
|
||||
$ chmod 400 private/ca.key.pem
|
||||
|
||||
10. Create the `client` CA certificate.
|
||||
@ -199,7 +199,7 @@ can be used to create the required certificates.
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
$ openssl genrsa -aes256 -out private/client.key.pem 2048
|
||||
$ openssl genpkey -algorithm RSA -out private/ca.key.pem -aes-128-cbc -pkeyopt rsa_keygen_bits:2048
|
||||
|
||||
12. Create the certificate request for the `client` certificate used on the
|
||||
controllers.
|
||||
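Review bot: In the hunk at -199 the new command writes to `private/ca.key.pem`, while the line it replaces wrote `private/client.key.pem`. Followed as written, and assuming the same working directory as the CA step, this would target the CA key file created earlier and leave no client key for the certificate request in step 12. The line should read `$ openssl genpkey -algorithm RSA -out private/client.key.pem -aes-128-cbc -pkeyopt rsa_keygen_bits:2048`. Separately, all three hunks in this file lower the private-key encryption from `-aes256` to `-aes-128-cbc`; AES-256 is also FIPS-approved, so `-aes-256-cbc` would keep the previous strength.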
|