From: Mathieu Baudier <mbaudier@argeo.org>
Date: Tue, 30 May 2023 11:47:26 +0000 (+0200)
Subject: Self-signed certificate with RSA 3072
X-Git-Tag: v2.3.17~5
X-Git-Url: http://git.argeo.org/?a=commitdiff_plain;h=336b6fc4daf99349f11322621571e4bea5b36ddb;p=lgpl%2Fargeo-commons.git

Self-signed certificate with RSA 3072
---

diff --git a/org.argeo.cms.lib.sshd/src/org/argeo/cms/bc/BcUtils.java b/org.argeo.cms.lib.sshd/src/org/argeo/cms/bc/BcUtils.java
index 00d3f7c44..81ab67727 100644
--- a/org.argeo.cms.lib.sshd/src/org/argeo/cms/bc/BcUtils.java
+++ b/org.argeo.cms.lib.sshd/src/org/argeo/cms/bc/BcUtils.java
@@ -79,6 +79,9 @@ public class BcUtils {
 		return BC_SECURITY_PROVIDER.equals(BC_SECURITY_PROVIDER_FIPS);
 	}
 
+	/*
+	 * openssl req -x509 -newkey rsa:3072 -keyout node.key -out node.crt -sha256 -days 365 -nodes -subj "/O=UNSECURE/OU=UNSECURE/CN=$(hostname)"
+	 */
 	public static void createSelfSignedKeyStore(Path keyStorePath, char[] keyStorePassword, String keyStoreType) {
 		// for (Provider provider : Security.getProviders())
 		// System.out.println(provider.getName());
@@ -90,7 +93,7 @@ public class BcUtils {
 				KeyStore keyStore = getKeyStore(keyStorePath, keyStorePassword, keyStoreType);
 				generateSelfSignedCertificate(keyStore,
 						new X500Principal("CN=" + InetAddress.getLocalHost().getHostName() + ",OU=UNSECURE,O=UNSECURE"),
-						1024, keyPwd);
+						3072, keyPwd);
 				saveKeyStore(keyStorePath, keyStorePassword, keyStore);
 				if (log.isDebugEnabled())
 					log.debug("Created self-signed unsecure keystore " + keyStorePath);