X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=apache2-cn.git;a=blobdiff_plain;f=carnet-generate-ssl;fp=carnet-generate-ssl;h=d3976eed40d7366d914b7a29f0235828d96c37a6;hp=9a17f02e498935db534698a4693474c0350aa12c;hb=efcba04e69e03fa428d417afac63b38073852eaf;hpb=3a175f24bcb26ca98d85a8c4ddd12bc8834494c5

diff --git a/carnet-generate-ssl b/carnet-generate-ssl
index 9a17f02..d3976ee 100755
--- a/carnet-generate-ssl
+++ b/carnet-generate-ssl
@@ -71,7 +71,7 @@ emailAddress           = $WEBMASTER
 
 EOF
 
-    openssl req -config $TMPFILE -new -key ${SSLKEYDIR}/apache2-ca.key -out ${SSLKEYDIR}/apache2-ca.csr
+    openssl req -sha256 -config $TMPFILE -new -key ${SSLKEYDIR}/apache2-ca.key -out ${SSLKEYDIR}/apache2-ca.csr
 fi
 
 if [ ! -f ${SSLCRTDIR}/apache2-ca.pem ] || [ -n "$KEYS" ]; then
@@ -85,14 +85,14 @@ nsComment        = "CARNet apache2-cn package generated custom CA certificate"
 nsCertType       = sslCA
 EOT
 
-    openssl x509 -extfile $TMPFILE -days 3651 -signkey ${SSLKEYDIR}/apache2-ca.key \
+    openssl x509 -sha256 -extfile $TMPFILE -days 3651 -signkey ${SSLKEYDIR}/apache2-ca.key \
 	    -in ${SSLKEYDIR}/apache2-ca.csr -req -out ${SSLCRTDIR}/apache2-ca.pem
 
     KEYS="${KEYS}
  - ${SSLCRTDIR}/apache2-ca.pem"
 fi
 
-mod1=`openssl x509 -noout -modulus -in ${SSLCRTDIR}/apache2-ca.pem`
+mod1=`openssl x509 -sha256 -noout -modulus -in ${SSLCRTDIR}/apache2-ca.pem`
 mod2=`openssl rsa -noout -modulus -in ${SSLKEYDIR}/apache2-ca.key`
 
 if [ "$mod1" != "$mod2" ]; then
@@ -101,7 +101,7 @@ if [ "$mod1" != "$mod2" ]; then
 fi
 
 cd ${SSLCRTDIR}
-ln -sf apache2-ca.pem $(openssl x509 -hash -noout -in apache2-ca.pem)
+ln -sf apache2-ca.pem $(openssl x509 -sha256 -hash -noout -in apache2-ca.pem)
 
 
 # Generate server certificate
@@ -112,13 +112,13 @@ echo 01 > "$TMPFILE2"
 sed "s/HOST/$FQDN/g; s/DOMAIN/$DOMAIN/g; s/WEBMASTER/$WEBMASTER/g" \
   <  $A2CNDIR/templates/openssl.cnf > "$TMPFILE"
 
-openssl req -config "$TMPFILE" -new -nodes \
+openssl req -sha256 -config "$TMPFILE" -new -nodes \
 	-key ${SSLKEYDIR}/apache2.key -out ${SSLKEYDIR}/apache2.csr
-openssl x509 -extfile "$TMPFILE" -days 3650 \
+openssl x509 -sha256 -extfile "$TMPFILE" -days 3650 \
 	-CAserial "$TMPFILE2" -CA ${SSLCRTDIR}/apache2-ca.pem -CAkey ${SSLKEYDIR}/apache2-ca.key \
 	-in ${SSLKEYDIR}/apache2.csr -req -out ${SSLCRTDIR}/apache2.pem
 
-mod1=`openssl x509 -noout -modulus -in ${SSLCRTDIR}/apache2.pem`
+mod1=`openssl x509 -sha256 -noout -modulus -in ${SSLCRTDIR}/apache2.pem`
 mod2=`openssl rsa -noout -modulus -in ${SSLKEYDIR}/apache2.key`
 
 if [ "$mod1" != "$mod2" ]; then
@@ -132,7 +132,7 @@ KEYS="${KEYS}
  - ${SSLKEYDIR}/apache2.key"
 
 cd ${SSLCRTDIR}
-ln -sf apache2.pem $(openssl x509 -hash -noout -in apache2.pem)
+ln -sf apache2.pem $(openssl x509 -sha256 -hash -noout -in apache2.pem)
 
 
 # Fix file access permissions.