You are here
leeand00 - Tue, 2015/11/24 - 22:14
I was reading about configuration files for OpenSSL and was wondering if it was possible to configure my openssl certificates prior to first boot, and if there was some place where the certificate request (csr) would appear after first boot, so I could send it into my certificate authority.
By default they appear to be configured correctly with SHA256+TLS1.2 and a keysize of 2048 bits, but of course you need to add other parameters to the csr to request a verified certificate; is there anyway to preconfigure this?
Forum:
TBH I'm not totally clear on what you are hoping for
Here are some links to the code that is included in TurnKey which maybe of interest:
https://github.com/turnkeylinux/common/tree/master/overlays/turnkey.d/ss...
https://github.com/turnkeylinux/common/blob/master/conf/turnkey.d/sslcert
https://github.com/turnkeylinux/common/blob/master/overlays/turnkey.d/ss...
https://github.com/turnkeylinux/common/blob/master/overlays/turnkey.d/ss...
https://github.com/turnkeylinux/common/blob/master/overlays/turnkey.d/ss...
Hopefully that gives you some insight into how we already do things. I'd be interested to hear more about your ideas so even if you don't want to commit some code it'd be great if you shared.
Also for context, the reason why we do all this stuff at firstboot rather than during install: The reasoning is because we distribute in a lot of different formats and only ISO install supports doing stuff at "install" (all the other builds are already installed...)
Add new comment