added dhparam generation section and report
This commit is contained in:
Asif Bacchus
parent
441ee56ea2
commit
ccca60b927
2
.vscode/numbered-bookmarks.json
vendored
2
.vscode/numbered-bookmarks.json
vendored
@ -11,7 +11,7 @@
|
||||
-1,
|
||||
-1,
|
||||
-1,
|
||||
636,
|
||||
659,
|
||||
625
|
||||
]
|
||||
}
|
||||
|
||||
23
setup.sh
23
setup.sh
@ -373,7 +373,7 @@ fi
|
||||
# dhparam: get location of DH Parameters file
|
||||
echo -e "\n${mag}Having your own unique Diffie-Hellman Parameters file makes your SSL"
|
||||
echo "communication more secure by helping to generate unique safe large prime"
|
||||
echo "numbers. You shouldn't use any pre-installed dhparams.pem files. You should"
|
||||
echo "numbers. You shouldn't use any pre-installed dhparam.pem files. You should"
|
||||
echo "always generate your own. If you haven't done that already and would like this"
|
||||
echo -e "script to do it for you, please type ${warn}generate${mag} at the prompt instead"
|
||||
echo -e "of a path${norm}\n"
|
||||
@ -578,7 +578,7 @@ fi
|
||||
### Write configurations to template files
|
||||
# let user know what's happening
|
||||
echo -e "\n${mag}---------------------${norm}"
|
||||
echo -e "${cyan}Updating template files now"
|
||||
echo -e "${cyan}Updating template files now...${norm}"
|
||||
|
||||
# copy template files to working versions
|
||||
echo "copying files to dedicated directory for customization"
|
||||
@ -638,6 +638,25 @@ echo -e "${cyan}...Template files updated${norm}"
|
||||
echo -e "\n${mag}---------------------${norm}"
|
||||
|
||||
|
||||
# notify user and generate DHParms if necessary, otherwise end reporting section
|
||||
|
||||
if [ "${generateDH}" -eq 1 ]; then
|
||||
echo -e "${cyan}Generating DH-Parameters file... this may take a while${norm}"
|
||||
# delete existing (likely default) dhparam.pem
|
||||
rm -f /etc/ssl/certs/dhparam.pem
|
||||
# generate 4096-bit DHParams and store in /etc/ssl/certs/dhparam.pem
|
||||
openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
|
||||
# verify non-zero length file generated
|
||||
if [ -s "/etc/ssl/certs/dhparam.pem" ]; then
|
||||
echo -e "${ok}-- dhparam.pem generated --${normal}"
|
||||
else
|
||||
echo -e "${err}-- error generating dhparam.pem --"
|
||||
echo -e "you should manaully generate this file${norm}"
|
||||
fi
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
# debug section
|
||||
echo -e "\n${mag}---------------------${norm}"
|
||||
|
||||
Loading…
Reference in New Issue
Block a user