From: Tom Hughes Date: Wed, 12 Sep 2018 19:44:56 +0000 (+0100) Subject: Use openssl_dhparam to create dhparam files X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/7797ba038f496cb453193df985523e0dc5c435ec?hp=9d86ff163a1865803773d989da7e65298f62bed8 Use openssl_dhparam to create dhparam files --- diff --git a/cookbooks/ssl/files/default/dhparam.pem b/cookbooks/ssl/files/default/dhparam.pem deleted file mode 100644 index c895dd70d..000000000 --- a/cookbooks/ssl/files/default/dhparam.pem +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN DH PARAMETERS----- -MIIBCAKCAQEApDYHQhAm+Wje/kmAWAzCIOhzxJj6RjjKbOfsUp31PpBaeQKwdIZZ -jStXfkdo1/c4FfpKczO4WMQJBJjCts6nmEfaPTq/ybcVtG0GQDwO6NIjM8sSymUF -Qcnd9aH2jfUyciPqkAfTavvy+zZIU+3HxTvCA3I6JY5qLZ4YOpNheRu5Q9azBMLo -vfb+6oQGMnMvUVCSU8aw8BQ1qwhzJJQNAszQqA3DrxG17jsk0mBzsR3KSs4eNcjx -+65YhKArG76J1NolcP1rocehK5nrH2IO3cU2G/m2Y09DkXSP9thRSxUQ7rVKSgbC -KhA263146gEf+bbKdMf6zrsNpjisMZ62ewIBAg== ------END DH PARAMETERS----- diff --git a/cookbooks/ssl/recipes/default.rb b/cookbooks/ssl/recipes/default.rb index fa4ab02d8..ccb3508be 100644 --- a/cookbooks/ssl/recipes/default.rb +++ b/cookbooks/ssl/recipes/default.rb @@ -20,11 +20,15 @@ package "openssl" package "ssl-cert" -%w[letsencrypt dhparam].each do |certificate| - cookbook_file "/etc/ssl/certs/#{certificate}.pem" do - owner "root" - group "root" - mode 0o444 - backup false - end +cookbook_file "/etc/ssl/certs/letsencrypt.pem" do + owner "root" + group "root" + mode 0o444 + backup false +end + +openssl_dhparam "/etc/ssl/certs/dhparam.pem" do + owner "root" + group "root" + mode 0o444 end