added dhparam generation section and report
parent
441ee56ea2
commit
ccca60b927
2
.vscode/numbered-bookmarks.json
vendored
2
.vscode/numbered-bookmarks.json
vendored
@ -11,7 +11,7 @@
|
|||||||
-1,
|
-1,
|
||||||
-1,
|
-1,
|
||||||
-1,
|
-1,
|
||||||
636,
|
659,
|
||||||
625
|
625
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
23
setup.sh
23
setup.sh
@ -373,7 +373,7 @@ fi
|
|||||||
# dhparam: get location of DH Parameters file
|
# dhparam: get location of DH Parameters file
|
||||||
echo -e "\n${mag}Having your own unique Diffie-Hellman Parameters file makes your SSL"
|
echo -e "\n${mag}Having your own unique Diffie-Hellman Parameters file makes your SSL"
|
||||||
echo "communication more secure by helping to generate unique safe large prime"
|
echo "communication more secure by helping to generate unique safe large prime"
|
||||||
echo "numbers. You shouldn't use any pre-installed dhparams.pem files. You should"
|
echo "numbers. You shouldn't use any pre-installed dhparam.pem files. You should"
|
||||||
echo "always generate your own. If you haven't done that already and would like this"
|
echo "always generate your own. If you haven't done that already and would like this"
|
||||||
echo -e "script to do it for you, please type ${warn}generate${mag} at the prompt instead"
|
echo -e "script to do it for you, please type ${warn}generate${mag} at the prompt instead"
|
||||||
echo -e "of a path${norm}\n"
|
echo -e "of a path${norm}\n"
|
||||||
@ -578,7 +578,7 @@ fi
|
|||||||
### Write configurations to template files
|
### Write configurations to template files
|
||||||
# let user know what's happening
|
# let user know what's happening
|
||||||
echo -e "\n${mag}---------------------${norm}"
|
echo -e "\n${mag}---------------------${norm}"
|
||||||
echo -e "${cyan}Updating template files now"
|
echo -e "${cyan}Updating template files now...${norm}"
|
||||||
|
|
||||||
# copy template files to working versions
|
# copy template files to working versions
|
||||||
echo "copying files to dedicated directory for customization"
|
echo "copying files to dedicated directory for customization"
|
||||||
@ -638,6 +638,25 @@ echo -e "${cyan}...Template files updated${norm}"
|
|||||||
echo -e "\n${mag}---------------------${norm}"
|
echo -e "\n${mag}---------------------${norm}"
|
||||||
|
|
||||||
|
|
||||||
|
# notify user and generate DHParms if necessary, otherwise end reporting section
|
||||||
|
|
||||||
|
if [ "${generateDH}" -eq 1 ]; then
|
||||||
|
echo -e "${cyan}Generating DH-Parameters file... this may take a while${norm}"
|
||||||
|
# delete existing (likely default) dhparam.pem
|
||||||
|
rm -f /etc/ssl/certs/dhparam.pem
|
||||||
|
# generate 4096-bit DHParams and store in /etc/ssl/certs/dhparam.pem
|
||||||
|
openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
|
||||||
|
# verify non-zero length file generated
|
||||||
|
if [ -s "/etc/ssl/certs/dhparam.pem" ]; then
|
||||||
|
echo -e "${ok}-- dhparam.pem generated --${normal}"
|
||||||
|
else
|
||||||
|
echo -e "${err}-- error generating dhparam.pem --"
|
||||||
|
echo -e "you should manaully generate this file${norm}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# debug section
|
# debug section
|
||||||
echo -e "\n${mag}---------------------${norm}"
|
echo -e "\n${mag}---------------------${norm}"
|
||||||
|
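Review bot: In the added DH block of setup.sh, `rm -f /etc/ssl/certs/dhparam.pem` runs before `openssl dhparam`, so a failed or interrupted 4096-bit generation leaves the host with no parameters file at all. The only check afterwards is `[ -s ... ]`, which says nothing about whether openssl exited cleanly. Generating into a temporary file in the same directory, testing openssl's exit status, and moving the result into place only on success keeps the previous file until a good replacement exists. The success message resets colour with `${normal}` while every other line in the hunk uses `${norm}`, so that is presumably an unset variable, and "manaully" in the error text should read "manually". The closing `fi` for `if [ "${generateDH}" -eq 1 ]` is not visible in this view, so confirm it is present.

```shell
if [ "${generateDH}" -eq 1 ]; then
    # … unchanged: progress message …
    # build in a temp file on the same filesystem; the live file is replaced only on success
    dhTmp=$(mktemp /etc/ssl/certs/dhparam.pem.XXXXXX) || dhTmp=""
    if [ -n "${dhTmp}" ] && openssl dhparam -out "${dhTmp}" 4096 && [ -s "${dhTmp}" ]; then
        # DH parameters are public values; mktemp creates the file 0600, so restore read access
        chmod 644 "${dhTmp}"
        mv -f "${dhTmp}" /etc/ssl/certs/dhparam.pem
        echo -e "${ok}-- dhparam.pem generated --${norm}"
    else
        [ -n "${dhTmp}" ] && rm -f "${dhTmp}"
        # … unchanged: error messages …
    fi
```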