diff --git a/bin/create_dual_intermediate_CA.sh b/bin/create_dual_intermediate_CA.sh index 2cb1ae38fc..6874f21336 100755 --- a/bin/create_dual_intermediate_CA.sh +++ b/bin/create_dual_intermediate_CA.sh @@ -44,9 +44,7 @@ touch index.txt echo 1000 > serial # Create the client CA private key -# Note: This uses short key lengths to save entropy in the test gates. -# This is not recommended for deployment use! -openssl genrsa -aes128 -out private/ca.key.pem -passout pass:not-secure-passphrase 1024 +openssl genrsa -aes128 -out private/ca.key.pem -passout pass:not-secure-passphrase 2048 chmod 400 private/ca.key.pem # Create the client CA root certificate @@ -60,9 +58,7 @@ touch intermediate_ca/index.txt echo 1000 > intermediate_ca/serial # Create the client intermediate CA private key -# Note: This uses short key lengths to save entropy in the test gates. -# This is not recommended for deployment use! -openssl genrsa -aes128 -out intermediate_ca/private/intermediate.ca.key.pem -passout pass:not-secure-passphrase 1024 +openssl genrsa -aes128 -out intermediate_ca/private/intermediate.ca.key.pem -passout pass:not-secure-passphrase 2048 chmod 400 intermediate_ca/private/intermediate.ca.key.pem # Create the client intermediate CA certificate signing request @@ -75,9 +71,7 @@ openssl ca -config ../../openssl.cnf -name CA_intermediate -extensions v3_interm cat intermediate_ca/certs/intermediate.cert.pem certs/ca.cert.pem > intermediate_ca/ca-chain.cert.pem ###### Create the client key and certificate -# Note: This uses short key lengths to save entropy in the test gates. -# This is not recommended for deployment use! -openssl genrsa -aes128 -out intermediate_ca/private/controller.key.pem -passout pass:not-secure-passphrase 1024 +openssl genrsa -aes128 -out intermediate_ca/private/controller.key.pem -passout pass:not-secure-passphrase 2048 chmod 400 intermediate_ca/private/controller.key.pem # Create the client controller certificate signing request @@ -109,9 +103,7 @@ touch index.txt echo 1000 > serial # Create the server CA private key -# Note: This uses short key lengths to save entropy in the test gates. -# This is not recommended for deployment use! -openssl genrsa -aes128 -out private/ca.key.pem -passout pass:not-secure-passphrase 1024 +openssl genrsa -aes128 -out private/ca.key.pem -passout pass:not-secure-passphrase 2048 chmod 400 private/ca.key.pem # Create the server CA root certificate @@ -125,9 +117,7 @@ touch intermediate_ca/index.txt echo 1000 > intermediate_ca/serial # Create the server intermediate CA private key -# Note: This uses short key lengths to save entropy in the test gates. -# This is not recommended for deployment use! -openssl genrsa -aes128 -out intermediate_ca/private/intermediate.ca.key.pem -passout pass:not-secure-passphrase 1024 +openssl genrsa -aes128 -out intermediate_ca/private/intermediate.ca.key.pem -passout pass:not-secure-passphrase 2048 chmod 400 intermediate_ca/private/intermediate.ca.key.pem # Create the server intermediate CA certificate signing request diff --git a/bin/create_single_CA_intermediate_CA.sh b/bin/create_single_CA_intermediate_CA.sh index 7403c33ca5..445c6f5744 100755 --- a/bin/create_single_CA_intermediate_CA.sh +++ b/bin/create_single_CA_intermediate_CA.sh @@ -44,9 +44,7 @@ touch index.txt echo 1000 > serial # Create the client CA private key -# Note: This uses short key lengths to save entropy in the test gates. -# This is not recommended for deployment use! -openssl genrsa -aes128 -out private/ca.key.pem -passout pass:not-secure-passphrase 1024 +openssl genrsa -aes128 -out private/ca.key.pem -passout pass:not-secure-passphrase 2048 chmod 400 private/ca.key.pem # Create the client CA root certificate @@ -60,9 +58,7 @@ touch intermediate_ca/index.txt echo 1000 > intermediate_ca/serial # Create the client intermediate CA private key -# Note: This uses short key lengths to save entropy in the test gates. -# This is not recommended for deployment use! -openssl genrsa -aes128 -out intermediate_ca/private/intermediate.ca.key.pem -passout pass:not-secure-passphrase 1024 +openssl genrsa -aes128 -out intermediate_ca/private/intermediate.ca.key.pem -passout pass:not-secure-passphrase 2048 chmod 400 intermediate_ca/private/intermediate.ca.key.pem # Create the client intermediate CA certificate signing request @@ -75,9 +71,7 @@ openssl ca -config ../../openssl.cnf -name CA_intermediate -extensions v3_interm cat intermediate_ca/certs/intermediate.cert.pem certs/ca.cert.pem > intermediate_ca/ca-chain.cert.pem ###### Create the client key and certificate -# Note: This uses short key lengths to save entropy in the test gates. -# This is not recommended for deployment use! -openssl genrsa -aes128 -out intermediate_ca/private/controller.key.pem -passout pass:not-secure-passphrase 1024 +openssl genrsa -aes128 -out intermediate_ca/private/controller.key.pem -passout pass:not-secure-passphrase 2048 chmod 400 intermediate_ca/private/controller.key.pem # Create the client controller certificate signing request