Use stronger cryptographic primitives when generating koji certs

Comply with current NSA recommendations Signed-off-by: George T Kramer <george.t.kramer@intel.com>
2026-04-28 11:03:50 +00:00 · 2019-07-29 15:32:22 -07:00
parent de2c38561d
commit ea7f3d0802
1 changed files with 2 additions and 2 deletions
--- a/koji-setup/deploy-koji.sh
+++ b/koji-setup/deploy-koji.sh
@@ -51,9 +51,9 @@ commonName              = supplied
 emailAddress            = optional

 [req]
-default_bits            = 2048
+default_bits            = 4096
 default_keyfile         = privkey.pem
-default_md              = sha256
+default_md              = sha512
 distinguished_name      = req_distinguished_name
 attributes              = req_attributes
 x509_extensions         = v3_ca # The extensions to add to the self signed cert