1

Topic: Patch: update generate_ssl_keys.sh to generate keys using SHA-2

Here is a very quick patch to allow iRedMail to generate self-signed SSL keys using SHA-2 (sha256), which is a requirement for keys that expire after 2016 (Reference:  https://support.godaddy.com/help/articl … h-function ):

--- org/generate_ssl_keys.sh    2015-01-09 15:29:29.000000000 -0500
+++ new/generate_ssl_keys.sh    2015-01-09 15:30:02.000000000 -0500
@@ -69,7 +69,7 @@
     mkdir -p {certs,private} 2>/dev/null

     openssl req \
-        -x509 -nodes -days 3650 -newkey rsa:2048 \
+        -x509 -nodes -days 3650 -newkey rsa:2048 -sha256 \
         -subj "/C=${TLS_COUNTRY}/ST=${TLS_STATE}/L=${TLS_CITY}/O=${TLS_COMPANY}/OU=${TLS_DEPARTMENT}/CN=${TLS_HOSTNAME}/emailAddress=${TLS_ADMIN}/" \
         -out ${SSL_CERT_FILE} -keyout ${SSL_KEY_FILE} >/dev/null 2>&1

If there is a better way of communicating such issues, please let me know.

Tim Massey

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Patch: update generate_ssl_keys.sh to generate keys using SHA-2

Thanks for sharing, I will fix it later.