From d08478b47ac55c371260d1cf8949f2f33e162bc1 Mon Sep 17 00:00:00 2001
From: Peter Hormanns
Date: Fri, 7 Aug 2015 15:52:49 +0200
Subject: [PATCH] sha256 and access restriction to generated certs and keys
---
hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java b/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java
index 577d908..d9f7d8c 100644
--- a/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java
+++ b/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java
@@ -273,7 +273,8 @@ public class DomainProcessorFactory implements EntityProcessorFactory {
 + "mkdir -p $PEMS_DIR/ && "
 + "cd $PEMS_DIR && "
 + "echo \"\" > " + domName + ".chain && "
- + "openssl req -x509 -newkey rsa:2048 -keyout " + domName + ".key -out " + domName + ".crt -days 1100 -nodes -subj '/CN=" + domName + "'"),
+ + "openssl req -x509 -newkey rsa:2048 -keyout " + domName + ".key -out " + domName + ".crt -days 1100 -nodes -sha256 -subj '/CN=" + domName + "' &&"
+ + "chmod 400 " + domName + "*"),
 new CreateFileProcessor("/de/hsadmin/mods/dom/apache-vhost.vm", templateVars, dom, "/etc/apache2/sites-available/" + domName + ".tmp", "root", "root", "644", true),
 new ShellProcessor(
 " (diff -q /etc/apache2/sites-available/" + domName + ".tmp /etc/apache2/sites-available/" + domName + " && rm /etc/apache2/sites-available/" + domName + ".tmp ) " +
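Review bot: The private key is created by `openssl req` under whatever umask the shell has and is only tightened afterwards by the added `chmod 400`, so, depending on that umask and on the permissions of `$PEMS_DIR` (neither visible here), it may be readable by other local users for a short window. Setting the mask before generation closes the gap, e.g. an extra line `+ "umask 077 && "` ahead of the `openssl req` line. The glob in `"chmod 400 " + domName + "*"` also matches files of any other domain whose name begins with the same string; listing the files explicitly, `"chmod 400 " + domName + ".key " + domName + ".crt " + domName + ".chain"),`, is narrower. `domName` is interpolated unquoted on this line, so the command relies on the name being validated before it reaches the string, which the hunk does not show. The enclosing method starts and ends outside the hunk.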