Use string cert CA defaults

Switch from sha1 to sha256 and from 1024 bits to 2048 bits. Do this because things don't like the old inseucre sha1+1024bits combo. Change-Id: Iae2958969aed0cd880844e19e8055c8bdc7d064d
2017-04-27 09:54:27 -07:00 · 2017-04-27 09:54:27 -07:00 · faffde1f97
parent a292c5068c
commit faffde1f97
1 changed files with 3 additions and 3 deletions
--- a/lib/tls
+++ b/lib/tls
@ -113,11 +113,11 @@ new_certs_dir           = \$dir/newcerts
 certificate             = \$dir/cacert.pem
 private_key             = \$dir/private/cacert.key
 RANDFILE                = \$dir/private/.rand
-default_md              = default
+default_md              = sha256

 [ req ]
-default_bits            = 1024
-default_md              = sha1
+default_bits            = 2048
+default_md              = sha256

 prompt                  = no
 distinguished_name      = ca_distinguished_name