X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=src%2Ftlsproxy-setup;h=d553404eba931a749c7e4218212e7304486ab507;hb=219d904b7d12173ee93d016fe1a2cb8ae32eea9c;hp=a17b390e1f924407784a295916669f9180c10d2d;hpb=c98db32cbc4a3f7e4b655aacfbc503639bb8379c;p=tlsproxy%2Ftlsproxy.git

diff --git a/src/tlsproxy-setup b/src/tlsproxy-setup
index a17b390..d553404 100755
--- a/src/tlsproxy-setup
+++ b/src/tlsproxy-setup
@@ -27,11 +27,13 @@ trap 'rm -f "$tempfile"' EXIT
 
 # Generate proxy CA key file.
 certtool --generate-privkey \
+         --sec-param high \
          --outfile proxy-ca-key.pem
 # Generate proxy CA.
 echo 'cn = tlsproxy CA' > "$tempfile"
 echo ca                >> "$tempfile"
 echo cert_signing_key  >> "$tempfile"
+echo 'expiration_days = 3650' >> "$tempfile"
 certtool --generate-self-signed \
          --load-privkey proxy-ca-key.pem \
          --template "$tempfile" \
@@ -39,6 +41,7 @@ certtool --generate-self-signed \
 
 # Generate proxy key file.
 certtool --generate-privkey \
+         --sec-param high \
          --outfile proxy-key.pem
 
 # Generate proxy "invalid" server certificate. It's used for problematic
@@ -48,6 +51,7 @@ echo 'cn = invalid'           >> "$tempfile"
 echo tls_www_server           >> "$tempfile"
 echo encryption_key           >> "$tempfile"
 echo signing_key              >> "$tempfile"
+echo 'expiration_days = 3650' >> "$tempfile"
 certtool --generate-self-signed \
          --load-privkey proxy-key.pem \
          --template "$tempfile" \
@@ -55,4 +59,9 @@ certtool --generate-self-signed \
 
 rm "$tempfile"
 
+# Generate proxy Diffie-Hellman parameters.
+certtool --generate-dh-params \
+         --sec-param high \
+         --outfile proxy-dh.pem
+
 echo done