From e39583cc9d7f101d59f7ee6da5d5414726dada6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Wed, 20 May 2015 23:10:44 +0200 Subject: [PATCH 1/2] sha256 when generating certificates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Small detail, but when generating certificates using sha256 is recommended. See for example http://googleonlinesecurity.blogspot.se/2014/09/gradually-sunsetting-sha-1.html. Signed-off-by: Thomas Sjögren --- docs/deploying.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/deploying.md b/docs/deploying.md index cc1108755..afbc44edc 100644 --- a/docs/deploying.md +++ b/docs/deploying.md @@ -284,7 +284,7 @@ source](https://github.com/docker/distribution/releases/tag/v2.0.0). 5. Use SSL to generate some self-signed certificates. $ openssl req \ - -newkey rsa:2048 -nodes -keyout certs/domain.key \ + -newkey rsa:2048 -nodes -sha256 -keyout certs/domain.key \ -x509 -days 365 -out certs/domain.crt This command prompts you for basic information it needs to create the certificates. @@ -420,7 +420,7 @@ procedure. The directory includes an example `compose` configuration. 2. Use SSL to generate some self-signed certificates. $ openssl req \ - -newkey rsa:2048 -nodes -keyout domain.key \ + -newkey rsa:2048 -nodes -sha256 -keyout domain.key \ -x509 -days 365 -out domain.crt This command prompts you for basic information it needs to create certificates. From 58981a4535427aeed69a6089d6b4f16ea2e6656b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Sun, 24 May 2015 22:02:25 +0200 Subject: [PATCH 2/2] increase key size to 4096. @diogomonica MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Thomas Sjögren --- docs/deploying.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/deploying.md b/docs/deploying.md index afbc44edc..a15f5a91b 100644 --- a/docs/deploying.md +++ b/docs/deploying.md @@ -284,7 +284,7 @@ source](https://github.com/docker/distribution/releases/tag/v2.0.0). 5. Use SSL to generate some self-signed certificates. $ openssl req \ - -newkey rsa:2048 -nodes -sha256 -keyout certs/domain.key \ + -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \ -x509 -days 365 -out certs/domain.crt This command prompts you for basic information it needs to create the certificates. @@ -420,7 +420,7 @@ procedure. The directory includes an example `compose` configuration. 2. Use SSL to generate some self-signed certificates. $ openssl req \ - -newkey rsa:2048 -nodes -sha256 -keyout domain.key \ + -newkey rsa:4096 -nodes -sha256 -keyout domain.key \ -x509 -days 365 -out domain.crt This command prompts you for basic information it needs to create certificates.