SSPCPP-686 - Switch to SHA-2 certs and 3072 bit keys on install

[shibboleth/cpp-sp.git] / configs / keygen.sh

diff --git a/configs/keygen.sh b/configs/keygen.sh
index 4ee69f6..002acd9 100755 (executable)
--- a/configs/keygen.sh
+++ b/configs/keygen.sh
@@ -50,12 +50,12 @@ fi
 
 SSLCNF=$OUT/sp-cert.cnf
 cat >$SSLCNF <<EOF
-# OpenSSL configuration file for creating sp-cert.pem
+# OpenSSL configuration file for creating keypair
 [req]
 prompt=no
-default_bits=2048
+default_bits=3072
 encrypt_key=no
-default_md=sha1
+default_md=sha256
 distinguished_name=dn
 # PrintableStrings only
 string_mask=MASK:0002