webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-24 18:03:06 +02:00
Code Issues Packages Projects Releases Wiki Activity

IPsec: Use sane defaults for certificate lifetimes

Browse Source 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Michael Tremer
2020-02-10 11:46:51 +00:00
parent be28aade96
commit 926e5519a6
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
html/cgi-bin/vpnmain.cgi
View File

@@ -1007,7 +1007,7 @@ END
&General::log("ipsec", "Creating cacert...");
if (open(STDIN, "-|")) {
my $opt = " req -x509 -sha256 -nodes";
$opt .= " -days 999999";
$opt .= " -days 3650";
$opt .= " -newkey rsa:4096";
$opt .= " -keyout ${General::swroot}/private/cakey.pem";
$opt .= " -out ${General::swroot}/ca/cacert.pem";
@@ -1065,7 +1065,7 @@ END
print $fh "subjectAltName=$cgiparams{'SUBJECTALTNAME'}" if ($cgiparams{'SUBJECTALTNAME'});
close ($fh);
my $opt = " ca -md sha256 -days 999999";
my $opt = " ca -md sha256 -days 825";
$opt .= " -batch -notext";
$opt .= " -in ${General::swroot}/certs/hostreq.pem";
$opt .= " -out ${General::swroot}/certs/hostcert.pem";
@@ -1552,7 +1552,7 @@ END
# Sign the certificate request
&General::log("ipsec", "Signing your cert $cgiparams{'NAME'}...");
my $opt = " ca -md sha256 -days 999999";
my $opt = " ca -md sha256 -days 825";
$opt .= " -batch -notext";
$opt .= " -in $filename";
$opt .= " -out ${General::swroot}/certs/$cgiparams{'NAME'}cert.pem";
@@ -1825,7 +1825,7 @@ END
print $fh "subjectAltName=$cgiparams{'SUBJECTALTNAME'}" if ($cgiparams{'SUBJECTALTNAME'});
close ($fh);
my $opt = " ca -md sha256 -days 999999 -batch -notext";
my $opt = " ca -md sha256 -days 825 -batch -notext";
$opt .= " -in ${General::swroot}/certs/$cgiparams{'NAME'}req.pem";
$opt .= " -out ${General::swroot}/certs/$cgiparams{'NAME'}cert.pem";
$opt .= " -extfile $v3extname";