moving to ecc

author: Devaev Maxim <[email protected]> 2020-07-08 03:28:02 +0300
committer: Devaev Maxim <[email protected]> 2020-07-08 03:28:02 +0300
commit: 1afcfebc7fa5c67dddf725457fa41f2882bb3523 (patch)
tree: 38ce61791413644623a3c6a75fe7c4d470295fbb /scripts/kvmd-gencert
parent: cb8ddaec47325b350c46daa9d3a756d3de371405 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/scripts/kvmd-gencert b/scripts/kvmd-gencert
index b2626417..d2a766de 100755
--- a/scripts/kvmd-gencert
+++ b/scripts/kvmd-gencert
@@ -35,6 +35,11 @@ if [ "$1" != --do-the-thing ]; then
 	exit 1
 fi
 
+# XXX: Why ECC?
+# https://www.leaderssl.com/articles/345-what-is-ecc-and-why-you-should-use-it
+# https://www.digitalocean.com/community/tutorials/how-to-create-an-ecc-certificate-on-nginx-for-debian-8
+# https://msol.io/blog/tech/create-a-self-signed-ecc-certificate
+
 set -x
 
 export LC_ALL=C
@@ -42,7 +47,8 @@ export LC_ALL=C
 mkdir -p /etc/kvmd/nginx/ssl
 cd /etc/kvmd/nginx/ssl
 
-openssl req -new -x509 -nodes -newkey rsa:4096 -keyout server.key -out server.crt -days 3650 \
+openssl ecparam -out server.key -name prime256v1 -genkey
+openssl req -new -x509 -sha256 -nodes -key server.key -out server.crt -days 3650 \
 	-subj "/C=RU/ST=Moscow/L=Moscow/O=Pi-KVM/OU=Pi-KVM/CN=localhost"
 
 chown -R root:kvmd-nginx /etc/kvmd/nginx/ssl
author	Devaev Maxim <[email protected]>	2020-07-08 03:28:02 +0300
committer	Devaev Maxim <[email protected]>	2020-07-08 03:28:02 +0300
commit	1afcfebc7fa5c67dddf725457fa41f2882bb3523 (patch)
tree	38ce61791413644623a3c6a75fe7c4d470295fbb /scripts/kvmd-gencert
parent	cb8ddaec47325b350c46daa9d3a756d3de371405 (diff)