island: Set tighter permissions on certs in create_certificate.sh

This commit is contained in:
Mike Salvatore 2021-06-08 07:17:59 -04:00
parent 93e18a525c
commit 3841dd7f7b
1 changed files with 6 additions and 0 deletions

View File

@ -21,10 +21,16 @@ umask 377
echo "Generating key in $server_root/server.key..." echo "Generating key in $server_root/server.key..."
openssl genrsa -out "$server_root"/server.key 2048 openssl genrsa -out "$server_root"/server.key 2048
chmod 400 "$server_root"/server.key
echo "Generating csr in $server_root/server.csr..." echo "Generating csr in $server_root/server.csr..."
openssl req -new -key "$server_root"/server.key -out "$server_root"/server.csr -subj "/C=GB/ST=London/L=London/O=Global Security/OU=Monkey Department/CN=monkey.com" openssl req -new -key "$server_root"/server.key -out "$server_root"/server.csr -subj "/C=GB/ST=London/L=London/O=Global Security/OU=Monkey Department/CN=monkey.com"
chmod 400 "$server_root"/server.csr
echo "Generating certificate in $server_root/server.crt..." echo "Generating certificate in $server_root/server.crt..."
openssl x509 -req -days 366 -in "$server_root"/server.csr -signkey "$server_root"/server.key -out "$server_root"/server.crt openssl x509 -req -days 366 -in "$server_root"/server.csr -signkey "$server_root"/server.key -out "$server_root"/server.crt
chmod 400 "$server_root"/server.crt
# Shove some new random data into the file to override the original seed we put in. # Shove some new random data into the file to override the original seed we put in.
if [ "$CREATED_RND_FILE" = true ] ; then if [ "$CREATED_RND_FILE" = true ] ; then