Setting bit length of certificate to 4096 bits

il y a 10 ans · bdc699fcee
--- a/roles/ispmail-certificate/tasks/main.yml
+++ b/roles/ispmail-certificate/tasks/main.yml
@@ -1,14 +1,13 @@
 ---
 - name: Create a self-signed certificate
  command: >
    openssl req -new
      -x509
      -nodes
      -extensions v3_ca
    openssl req -newkey rsa:4096
      -nodes -sha512 -x509
      -days {{ ispmail_certificate_days_valid }}
      -nodes
      -subj "/C={{ ispmail_certificate_country }}/ST={{ ispmail_certificate_state }}/L={{ ispmail_certificate_location }}/O={{ ispmail_certificate_organisation }}/OU={{ ispmail_certificate_orgunit }}{% for domain in ispmail_certificate_domains %}/CN={{ domain }}{% endfor %}/emailAddress={{ ispmail_certificate_email }}"
      -keyout /etc/ssl/private/mailserver.pem
      -out /etc/ssl/certs/mailserver.pem
      -keyout /etc/ssl/private/mailserver.pem
  args:
    creates: /etc/ssl/certs/mailserver.pem
 - name: Restrict access permissions of the private key