added dhparam generation section and report

Asif Bacchus 2019-01-05 18:46:53 -07:00
parent 441ee56ea2
commit ccca60b927
2 changed files with 22 additions and 3 deletions


@ -11,7 +11,7 @@
-1, -1,
-1, -1,
-1, -1,
636, 659,
625 625
] ]
} }


@ -373,7 +373,7 @@ fi
# dhparam: get location of DH Parameters file # dhparam: get location of DH Parameters file
echo -e "\n${mag}Having your own unique Diffie-Hellman Parameters file makes your SSL" echo -e "\n${mag}Having your own unique Diffie-Hellman Parameters file makes your SSL"
echo "communication more secure by helping to generate unique safe large prime" echo "communication more secure by helping to generate unique safe large prime"
echo "numbers. You shouldn't use any pre-installed dhparams.pem files. You should" echo "numbers. You shouldn't use any pre-installed dhparam.pem files. You should"
echo "always generate your own. If you haven't done that already and would like this" echo "always generate your own. If you haven't done that already and would like this"
echo -e "script to do it for you, please type ${warn}generate${mag} at the prompt instead" echo -e "script to do it for you, please type ${warn}generate${mag} at the prompt instead"
echo -e "of a path${norm}\n" echo -e "of a path${norm}\n"
@ -578,7 +578,7 @@ fi
### Write configurations to template files ### Write configurations to template files
# let user know what's happening # let user know what's happening
echo -e "\n${mag}---------------------${norm}" echo -e "\n${mag}---------------------${norm}"
echo -e "${cyan}Updating template files now" echo -e "${cyan}Updating template files now...${norm}"
# copy template files to working versions # copy template files to working versions
echo "copying files to dedicated directory for customization" echo "copying files to dedicated directory for customization"
@ -638,6 +638,25 @@ echo -e "${cyan}...Template files updated${norm}"
echo -e "\n${mag}---------------------${norm}" echo -e "\n${mag}---------------------${norm}"
# notify user and generate DHParms if necessary, otherwise end reporting section
if [ "${generateDH}" -eq 1 ]; then
echo -e "${cyan}Generating DH-Parameters file... this may take a while${norm}"
# delete existing (likely default) dhparam.pem
rm -f /etc/ssl/certs/dhparam.pem
# generate 4096-bit DHParams and store in /etc/ssl/certs/dhparam.pem
openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
# verify non-zero length file generated
if [ -s "/etc/ssl/certs/dhparam.pem" ]; then
echo -e "${ok}-- dhparam.pem generated --${normal}"
else
echo -e "${err}-- error generating dhparam.pem --"
echo -e "you should manaully generate this file${norm}"
fi
# debug section # debug section
echo -e "\n${mag}---------------------${norm}" echo -e "\n${mag}---------------------${norm}"
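Review bot: The existing dhparam.pem is removed before `openssl dhparam` runs and the command's exit status is never checked, so a failed or interrupted run leaves the server with no parameters file, or with a partial one that still passes the `[ -s ]` test. Generating into a temporary file in the same directory and moving it into place only after openssl reports success keeps the old file until the new one is complete. The success message resets colour with `${normal}` while every other line shown uses `${norm}`, which looks like a typo that leaves the terminal colour set. The outer `if` has no closing `fi` among the visible lines, so the block may continue beyond what is shown here.

```shell
if [ "${generateDH}" -eq 1 ]; then
    # … unchanged: progress message …
    # build the new file beside the target so the final mv is a same-filesystem rename
    dh_tmp=$(mktemp /etc/ssl/certs/dhparam.pem.XXXXXX) || dh_tmp=""
    if [ -n "${dh_tmp}" ] \
        && openssl dhparam -out "${dh_tmp}" 4096 \
        && [ -s "${dh_tmp}" ] \
        && chmod 644 "${dh_tmp}" \
        && mv -f "${dh_tmp}" /etc/ssl/certs/dhparam.pem; then
        echo -e "${ok}-- dhparam.pem generated --${norm}"
    else
        # drop the partial file; the previous dhparam.pem is left untouched
        [ -n "${dh_tmp}" ] && rm -f -- "${dh_tmp}"
        # … unchanged: error message …
    fi
```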