e1e3d8a92b
- Remove openssl.cnf which includes many unused settings. - Generate the key and cert files with a single call to openssl. - Option `-nodes` ("no DES") disables encryption of the key file. - Option `-addext` is used to specify `subjectAltName` settings that were previously defined by openssl.cnf. The key type is unchanged. Certificate changes: - Certificate duration is now 10 years - Organization (subj 'O') is now 'loop' instead of 'loopd' for lightning-loop to simplify the code. For reference, the org. name in auto-generated loop certs is "loop autogenerated cert". - The certificate now includes all default x509v3 extensions. These were previously restricted to just `subjectAltName` by openssl.cnf. We now use the openssl defaults for simplicity. |
||
---|---|---|
.. | ||
default.nix | ||
generate-secrets.sh | ||
update-and-generate.nix | ||
update-secrets.sh |