From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 2/5] apache: Drop RSA key and certificate generation
Date: Fri, 20 Sep 2024 14:20:19 +0000
Message-ID: <20240920142022.589371-2-peter.mueller@ipfire.org>
In-Reply-To: <20240920142022.589371-1-peter.mueller@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============9047591900568775038=="
List-Id: <development.lists.ipfire.org>

--===============9047591900568775038==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Signed-off-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
---
 src/initscripts/system/apache | 26 +-------------------------
 1 file changed, 1 insertion(+), 25 deletions(-)

diff --git a/src/initscripts/system/apache b/src/initscripts/system/apache
index e7a62097e..ba7ede670 100644
--- a/src/initscripts/system/apache
+++ b/src/initscripts/system/apache
@@ -2,7 +2,7 @@
 ############################################################################=
###
 #                                                                           =
  #
 # IPFire.org - A linux based firewall                                       =
  #
-# Copyright (C) 2007-2022  IPFire Team  <info(a)ipfire.org>                 =
    #
+# Copyright (C) 2007-2024  IPFire Team  <info(a)ipfire.org>                 =
    #
 #                                                                           =
  #
 # This program is free software: you can redistribute it and/or modify      =
  #
 # it under the terms of the GNU General Public License as published by      =
  #
@@ -25,13 +25,6 @@
 PIDFILE=3D"/var/run/httpd.pid"
=20
 generate_certificates() {
-	if [ ! -f "/etc/httpd/server.key" ]; then
-		boot_mesg "Generating HTTPS RSA server key (this will take a moment)..."
-		openssl genrsa -out /etc/httpd/server.key 4096 &>/dev/null
-		chmod 600 /etc/httpd/server.key
-		evaluate_retval
-	fi
-
 	if [ ! -f "/etc/httpd/server-ecdsa.key" ]; then
 		boot_mesg "Generating HTTPS ECDSA server key..."
 		openssl ecparam -genkey -name secp384r1 -noout \
@@ -40,29 +33,12 @@ generate_certificates() {
 		evaluate_retval
 	fi
=20
-	# Generate RSA CSR
-	if [ ! -f "/etc/httpd/server.csr" ]; then
-		sed "s/HOSTNAME/`hostname -f`/" < /etc/certparams | \
-			openssl req -new -key /etc/httpd/server.key \
-				-out /etc/httpd/server.csr &>/dev/null
-	fi
-
-	# Generate ECDSA CSR
 	if [ ! -f "/etc/httpd/server-ecdsa.csr" ]; then
 		sed "s/HOSTNAME/`hostname -f`/" < /etc/certparams | \
 			openssl req -new -key /etc/httpd/server-ecdsa.key \
 			-out /etc/httpd/server-ecdsa.csr &>/dev/null
 	fi
=20
-	if [ ! -f "/etc/httpd/server.crt" ]; then
-		boot_mesg "Signing RSA certificate..."
-		openssl x509 -req -days 999999 -sha256 \
-			-in /etc/httpd/server.csr \
-			-signkey /etc/httpd/server.key \
-			-out /etc/httpd/server.crt &>/dev/null
-		evaluate_retval
-	fi
-
 	if [ ! -f "/etc/httpd/server-ecdsa.crt" ]; then
 		boot_mesg "Signing ECDSA certificate..."
 		openssl x509 -req -days 999999 -sha256 \
--=20
2.39.5


--===============9047591900568775038==--