sha256 and access restriction to generated certs and keys

Peter Hormanns 2015-08-07 15:52:49 +02:00
parent 2a18379289
commit d08478b47a


@ -273,7 +273,8 @@ public class DomainProcessorFactory implements EntityProcessorFactory {
+ "mkdir -p $PEMS_DIR/ && "
+ "cd $PEMS_DIR && "
+ "echo \"\" > " + domName + ".chain && "
+ "openssl req -x509 -newkey rsa:2048 -keyout " + domName + ".key -out " + domName + ".crt -days 1100 -nodes -subj '/CN=" + domName + "'"),
+ "openssl req -x509 -newkey rsa:2048 -keyout " + domName + ".key -out " + domName + ".crt -days 1100 -nodes -sha256 -subj '/CN=" + domName + "' &&"
+ "chmod 400 " + domName + "*"),
new CreateFileProcessor("/de/hsadmin/mods/dom/apache-vhost.vm", templateVars, dom, "/etc/apache2/sites-available/" + domName + ".tmp", "root", "root", "644", true),
new ShellProcessor(
" (diff -q /etc/apache2/sites-available/" + domName + ".tmp /etc/apache2/sites-available/" + domName + " && rm /etc/apache2/sites-available/" + domName + ".tmp ) " +
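Review bot: The added `"chmod 400 " + domName + "*"` runs only after `openssl req` has written the key, so the private key sits on disk with umask-default permissions for a short window. The glob also matches files of any other domain whose name begins with the same string. Setting the mask before generation closes the window, e.g. `+ "umask 077 && "` ahead of the `openssl req` line, and the files can be named explicitly: `"chmod 400 " + domName + ".key " + domName + ".crt " + domName + ".chain"`. `domName` is also concatenated unquoted into the shell string here and in the surrounding lines; its validation is not visible in this hunk, so confirm it is restricted to hostname characters before it reaches `ShellProcessor`. The enclosing method starts and ends outside the hunk.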