Closed Miro-H closed 4 years ago
You can generate the DH parameters with
openssl dhparam -out /etc/ssl/private/dh_param.pem 4096
This partly fixes #9.
This should now work fine. I ran a completely new build and it works without errors.
@Miro-H @Liblor Can we merge this branch so it doesn't diverge too much?
@keyctl my changes are not yet reviewed, but I think they should work. @Liblor, maybe you can take a quick look at the openssl.cnf (Root CA and intermediate CA key and CRL generation)? The rest is not so critical.
After that we can merge. @keyctl, I took a quick look at your refactoring and didn't see any problems.
Is anyone of you a gitmaster? Since some stuff got move around it is already quite a pain :(
Is anyone of you a gitmaster? Since some stuff got move around it is already quite a pain :(
I can try if we are good to merge.
Is anyone of you a gitmaster? Since some stuff got move around it is already quite a pain :(
I can try if we are good to merge.
There are some pitfalls, since for example DataModel.User.Id got changed to DataModel.User.Uid in this branch (certserver), but the file got moved in the master branch, git doesn't recognize this automatically. So it wants to delete CertServer/Models/User.cs and keep the "old version" at the new location. There might be other cases like this...
@keyctl I think this can be merged now. In case there are some merge conflicts which raise functional questions, let me know when I can help.
Main changes:
/etc/ssl/trusted
accessible to grouptls-trusted
Regeneration of infrastructure tested and seems to work.