implemented dsaparm for faster generation
better error check on dhparam generation
This commit is contained in:
Asif Bacchus
parent
7b91963f7f
commit
c42363abfe
10
setup.sh
10
setup.sh
@ -48,6 +48,7 @@ unset inputPHPPort
|
|||||||
unset phpAddr
|
unset phpAddr
|
||||||
unset phpPort
|
unset phpPort
|
||||||
unset phpSock
|
unset phpSock
|
||||||
|
unset dhsuccess
|
||||||
|
|
||||||
# set variables
|
# set variables
|
||||||
regexIP4="(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])"
|
regexIP4="(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])"
|
||||||
@ -632,12 +633,11 @@ fi
|
|||||||
if [ "${generateDH}" -eq 1 ]; then
|
if [ "${generateDH}" -eq 1 ]; then
|
||||||
echo -e "\n${mag}---------------------${norm}"
|
echo -e "\n${mag}---------------------${norm}"
|
||||||
echo -e "${cyan}Generating DH-Parameters file... this may take a while${norm}"
|
echo -e "${cyan}Generating DH-Parameters file... this may take a while${norm}"
|
||||||
# delete existing (likely default) dhparam.pem
|
|
||||||
rm -f /etc/ssl/certs/dhparam.pem
|
|
||||||
# generate 4096-bit DHParams and store in /etc/ssl/certs/dhparam.pem
|
# generate 4096-bit DHParams and store in /etc/ssl/certs/dhparam.pem
|
||||||
openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
|
openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 4096
|
||||||
# verify non-zero length file generated
|
dhsuccess=$?
|
||||||
if [ -s "/etc/ssl/certs/dhparam.pem" ]; then
|
# verify no error reported and non-zero length file generated
|
||||||
|
if [ "${dhsuccess}" -eq 0 ] && [ -s "/etc/ssl/certs/dhparam.pem" ]; then
|
||||||
echo -e "${ok}-- dhparam.pem generated --${norm}"
|
echo -e "${ok}-- dhparam.pem generated --${norm}"
|
||||||
# set DHParam to proper location
|
# set DHParam to proper location
|
||||||
DHPath='/etc/ssl/certs/dhparam.pem'
|
DHPath='/etc/ssl/certs/dhparam.pem'
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user