
certs: Generate dhparam file on every node. Always.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Maximilian Wilhelm 6 years ago
commit
4649e90f9c
1 changed files with 4 additions and 0 deletions
  1. 4 0
      certs/init.sls

+ 4 - 0
certs/init.sls

@@ -14,6 +14,10 @@ update_ca_certificates:
     - name: /usr/sbin/update-ca-certificates
     - watch: []
 
+generate-dhparam:
+  cmd.run:
+    - name: openssl dhparam -out /etc/ssl/dhparam.pem 4096
+    - creates: /etc/ssl/dhparam.pem
 
 # Install FFHO internal CA into Debian CA certificate mangling mechanism so
 # libraries (read: openssl) can use the CA cert when validating internal
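Review bot: `- creates: /etc/ssl/dhparam.pem` in `generate-dhparam` only tests that the path exists, so an empty or truncated file would make this state skip on every later run while the services that load it fail or fall back to other parameters. Such a file could be left behind if the long 4096-bit generation is interrupted, though whether openssl writes a partial file in that case is not visible from this hunk. Guarding on validity instead of existence would cover it, e.g. `- unless: openssl dhparam -in /etc/ssl/dhparam.pem -check -noout`, or generating to a temporary path and renaming it only on success. The state also leaves owner and mode of the result to the umask of the Salt run; a `file.managed` on the same path with `replace: False` that requires this state would pin them. A short comment above the state saying which services consume the file and why it is generated per node rather than distributed would help the next reader.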