nix-bitcoin/pkgs/generate-secrets
Erik Arvstedt e1e3d8a92b
secrets: simplify cert generation
- Remove openssl.cnf which includes many unused settings.
- Generate the key and cert files with a single call to openssl.
  - Option `-nodes` ("no DES") disables encryption of the key file.
  - Option `-addext` is used to specify `subjectAltName` settings
    that were previously defined by openssl.cnf.

The key type is unchanged.
Certificate changes:
- Certificate duration is now 10 years
- Organization (subj 'O') is now 'loop' instead of 'loopd' for
  lightning-loop to simplify the code.
  For reference, the org. name in auto-generated loop certs is
  "loop autogenerated cert".
- The certificate now includes all default x509v3 extensions.
  These were previously restricted to just `subjectAltName` by openssl.cnf.
  We now use the openssl defaults for simplicity.
2021-09-11 15:07:24 +02:00
..
default.nix generate-secrets: use pwgen 2020-12-18 19:56:56 +01:00
generate-secrets.sh secrets: simplify cert generation 2021-09-11 15:07:24 +02:00
update-and-generate.nix simplify secrets file format 2020-01-13 00:25:11 +01:00
update-secrets.sh lightning-charge: remove package and module 2021-01-01 19:16:46 +00:00