Use 2048-bits keys for devstack certificates
RHEL8 and Centos8 refuse to load certificates generated with a 1024-bits key because of new security policies. Increasing key size to 2048-bits fixes certificate generation scripts for these distributions. Story 2006944 Task 37623 Change-Id: I6d5d39c4cf87ac687355f80ca591c1a611f46f41
This commit is contained in:
Gregory Thiemonge
parent
4a5c24ef6f
commit
8b6bb936d3
@ -44,9 +44,7 @@ touch index.txt
|
||||
echo 1000 > serial
|
||||
|
||||
# Create the client CA private key
|
||||
# Note: This uses short key lengths to save entropy in the test gates.
|
||||
# This is not recommended for deployment use!
|
||||
openssl genrsa -aes128 -out private/ca.key.pem -passout pass:not-secure-passphrase 1024
|
||||
openssl genrsa -aes128 -out private/ca.key.pem -passout pass:not-secure-passphrase 2048
|
||||
chmod 400 private/ca.key.pem
|
||||
|
||||
# Create the client CA root certificate
|
||||
@ -60,9 +58,7 @@ touch intermediate_ca/index.txt
|
||||
echo 1000 > intermediate_ca/serial
|
||||
|
||||
# Create the client intermediate CA private key
|
||||
# Note: This uses short key lengths to save entropy in the test gates.
|
||||
# This is not recommended for deployment use!
|
||||
openssl genrsa -aes128 -out intermediate_ca/private/intermediate.ca.key.pem -passout pass:not-secure-passphrase 1024
|
||||
openssl genrsa -aes128 -out intermediate_ca/private/intermediate.ca.key.pem -passout pass:not-secure-passphrase 2048
|
||||
chmod 400 intermediate_ca/private/intermediate.ca.key.pem
|
||||
|
||||
# Create the client intermediate CA certificate signing request
|
||||
@ -75,9 +71,7 @@ openssl ca -config ../../openssl.cnf -name CA_intermediate -extensions v3_interm
|
||||
cat intermediate_ca/certs/intermediate.cert.pem certs/ca.cert.pem > intermediate_ca/ca-chain.cert.pem
|
||||
|
||||
###### Create the client key and certificate
|
||||
# Note: This uses short key lengths to save entropy in the test gates.
|
||||
# This is not recommended for deployment use!
|
||||
openssl genrsa -aes128 -out intermediate_ca/private/controller.key.pem -passout pass:not-secure-passphrase 1024
|
||||
openssl genrsa -aes128 -out intermediate_ca/private/controller.key.pem -passout pass:not-secure-passphrase 2048
|
||||
chmod 400 intermediate_ca/private/controller.key.pem
|
||||
|
||||
# Create the client controller certificate signing request
|
||||
@ -109,9 +103,7 @@ touch index.txt
|
||||
echo 1000 > serial
|
||||
|
||||
# Create the server CA private key
|
||||
# Note: This uses short key lengths to save entropy in the test gates.
|
||||
# This is not recommended for deployment use!
|
||||
openssl genrsa -aes128 -out private/ca.key.pem -passout pass:not-secure-passphrase 1024
|
||||
openssl genrsa -aes128 -out private/ca.key.pem -passout pass:not-secure-passphrase 2048
|
||||
chmod 400 private/ca.key.pem
|
||||
|
||||
# Create the server CA root certificate
|
||||
@ -125,9 +117,7 @@ touch intermediate_ca/index.txt
|
||||
echo 1000 > intermediate_ca/serial
|
||||
|
||||
# Create the server intermediate CA private key
|
||||
# Note: This uses short key lengths to save entropy in the test gates.
|
||||
# This is not recommended for deployment use!
|
||||
openssl genrsa -aes128 -out intermediate_ca/private/intermediate.ca.key.pem -passout pass:not-secure-passphrase 1024
|
||||
openssl genrsa -aes128 -out intermediate_ca/private/intermediate.ca.key.pem -passout pass:not-secure-passphrase 2048
|
||||
chmod 400 intermediate_ca/private/intermediate.ca.key.pem
|
||||
|
||||
# Create the server intermediate CA certificate signing request
|
||||
|
||||
@ -44,9 +44,7 @@ touch index.txt
|
||||
echo 1000 > serial
|
||||
|
||||
# Create the client CA private key
|
||||
# Note: This uses short key lengths to save entropy in the test gates.
|
||||
# This is not recommended for deployment use!
|
||||
openssl genrsa -aes128 -out private/ca.key.pem -passout pass:not-secure-passphrase 1024
|
||||
openssl genrsa -aes128 -out private/ca.key.pem -passout pass:not-secure-passphrase 2048
|
||||
chmod 400 private/ca.key.pem
|
||||
|
||||
# Create the client CA root certificate
|
||||
@ -60,9 +58,7 @@ touch intermediate_ca/index.txt
|
||||
echo 1000 > intermediate_ca/serial
|
||||
|
||||
# Create the client intermediate CA private key
|
||||
# Note: This uses short key lengths to save entropy in the test gates.
|
||||
# This is not recommended for deployment use!
|
||||
openssl genrsa -aes128 -out intermediate_ca/private/intermediate.ca.key.pem -passout pass:not-secure-passphrase 1024
|
||||
openssl genrsa -aes128 -out intermediate_ca/private/intermediate.ca.key.pem -passout pass:not-secure-passphrase 2048
|
||||
chmod 400 intermediate_ca/private/intermediate.ca.key.pem
|
||||
|
||||
# Create the client intermediate CA certificate signing request
|
||||
@ -75,9 +71,7 @@ openssl ca -config ../../openssl.cnf -name CA_intermediate -extensions v3_interm
|
||||
cat intermediate_ca/certs/intermediate.cert.pem certs/ca.cert.pem > intermediate_ca/ca-chain.cert.pem
|
||||
|
||||
###### Create the client key and certificate
|
||||
# Note: This uses short key lengths to save entropy in the test gates.
|
||||
# This is not recommended for deployment use!
|
||||
openssl genrsa -aes128 -out intermediate_ca/private/controller.key.pem -passout pass:not-secure-passphrase 1024
|
||||
openssl genrsa -aes128 -out intermediate_ca/private/controller.key.pem -passout pass:not-secure-passphrase 2048
|
||||
chmod 400 intermediate_ca/private/controller.key.pem
|
||||
|
||||
# Create the client controller certificate signing request
|
||||
|
||||
Loading…
Reference in New Issue
Block a user