Use genpkey and pkey instead of genrsa and rsa
genrsa and rsa are being deprecated by OpenSSL and both genpkey and pkey provides the same functionalities as genrsa and rsa will being more configurable.
This commit is contained in:
parent
97f1affa1b
commit
38aac7b137
23
shellpki
23
shellpki
|
@ -137,7 +137,7 @@ warning() {
|
|||
}
|
||||
|
||||
verify_ca_password() {
|
||||
"${OPENSSL_BIN}" rsa \
|
||||
"${OPENSSL_BIN}" pkey \
|
||||
-in "${CA_KEY}" \
|
||||
-passin pass:"${CA_PASSWORD}" \
|
||||
>/dev/null 2>&1
|
||||
|
@ -278,17 +278,18 @@ init() {
|
|||
|
||||
passout_arg=""
|
||||
if [ -n "${CA_PASSWORD:-}" ]; then
|
||||
passout_arg="-passout pass:${CA_PASSWORD}"
|
||||
passout_arg="-pass pass:${CA_PASSWORD}"
|
||||
elif [ "${non_interactive}" -eq 1 ]; then
|
||||
error "In non-interactive mode, you must pass CA_PASSWORD as environment variable."
|
||||
fi
|
||||
|
||||
if [ ! -f "${CA_KEY}" ]; then
|
||||
"${OPENSSL_BIN}" genrsa \
|
||||
"${OPENSSL_BIN}" genpkey \
|
||||
-algorithm RSA \
|
||||
-out "${CA_KEY}" \
|
||||
${passout_arg} \
|
||||
-aes256 \
|
||||
"${CA_KEY_LENGTH}" \
|
||||
-pkeyopt "rsa_keygen_bits:${CA_KEY_LENGTH}" \
|
||||
>/dev/null 2>&1
|
||||
# shellcheck disable=SC2181
|
||||
if [ "$?" -ne 0 ]; then
|
||||
|
@ -355,9 +356,10 @@ ocsp() {
|
|||
port=$(echo "${ocsp_uri}" | cut -d':' -f2)
|
||||
|
||||
if [ ! -f "${OCSP_KEY}" ]; then
|
||||
"${OPENSSL_BIN}" genrsa \
|
||||
"${OPENSSL_BIN}" genpkey \
|
||||
-algorithm RSA \
|
||||
-out "${OCSP_KEY}" \
|
||||
"${KEY_LENGTH}" \
|
||||
-pkeyopt "rsa_keygen_bits:${KEY_LENGTH}" \
|
||||
>/dev/null 2>&1
|
||||
# shellcheck disable=SC2181
|
||||
if [ "$?" -ne 0 ]; then
|
||||
|
@ -671,14 +673,15 @@ create() {
|
|||
# generate private key
|
||||
pass_args=""
|
||||
if [ -n "${password_file:-}" ]; then
|
||||
pass_args="-aes256 -passout file:${password_file}"
|
||||
pass_args="-aes256 -pass file:${password_file}"
|
||||
elif [ -n "${PASSWORD:-}" ]; then
|
||||
pass_args="-aes256 -passout pass:${PASSWORD}"
|
||||
pass_args="-aes256 -pass pass:${PASSWORD}"
|
||||
fi
|
||||
"${OPENSSL_BIN}" genrsa \
|
||||
"${OPENSSL_BIN}" genpkey \
|
||||
-algorithm RSA \
|
||||
-out "${key_file}" \
|
||||
${pass_args} \
|
||||
"${KEY_LENGTH}" \
|
||||
-pkeyopt "rsa_keygen_bits:${KEY_LENGTH}" \
|
||||
>/dev/null 2>&1
|
||||
# shellcheck disable=SC2181
|
||||
if [ "$?" -eq 0 ]; then
|
||||
|
|
Loading…
Reference in a new issue