[2/5] apache: Drop RSA key and certificate generation

Message ID 20240920142022.589371-2-peter.mueller@ipfire.org
State Staged
Commit 3b54d0377b75b0afda27904b66040ec38a7b3416
Series [1/5] sshd: Do not generate new RSA host key on first boot |

Commit Message

Peter Müller Sept. 20, 2024, 2:20 p.m. UTC
  Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 src/initscripts/system/apache | 26 +-------------------------
 1 file changed, 1 insertion(+), 25 deletions(-)
  

Patch

diff --git a/src/initscripts/system/apache b/src/initscripts/system/apache
index e7a62097e..ba7ede670 100644
--- a/src/initscripts/system/apache
+++ b/src/initscripts/system/apache
@@ -2,7 +2,7 @@ 
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2022  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -25,13 +25,6 @@ 
 PIDFILE="/var/run/httpd.pid"
 
 generate_certificates() {
-	if [ ! -f "/etc/httpd/server.key" ]; then
-		boot_mesg "Generating HTTPS RSA server key (this will take a moment)..."
-		openssl genrsa -out /etc/httpd/server.key 4096 &>/dev/null
-		chmod 600 /etc/httpd/server.key
-		evaluate_retval
-	fi
-
 	if [ ! -f "/etc/httpd/server-ecdsa.key" ]; then
 		boot_mesg "Generating HTTPS ECDSA server key..."
 		openssl ecparam -genkey -name secp384r1 -noout \
@@ -40,29 +33,12 @@  generate_certificates() {
 		evaluate_retval
 	fi
 
-	# Generate RSA CSR
-	if [ ! -f "/etc/httpd/server.csr" ]; then
-		sed "s/HOSTNAME/`hostname -f`/" < /etc/certparams | \
-			openssl req -new -key /etc/httpd/server.key \
-				-out /etc/httpd/server.csr &>/dev/null
-	fi
-
-	# Generate ECDSA CSR
 	if [ ! -f "/etc/httpd/server-ecdsa.csr" ]; then
 		sed "s/HOSTNAME/`hostname -f`/" < /etc/certparams | \
 			openssl req -new -key /etc/httpd/server-ecdsa.key \
 			-out /etc/httpd/server-ecdsa.csr &>/dev/null
 	fi
 
-	if [ ! -f "/etc/httpd/server.crt" ]; then
-		boot_mesg "Signing RSA certificate..."
-		openssl x509 -req -days 999999 -sha256 \
-			-in /etc/httpd/server.csr \
-			-signkey /etc/httpd/server.key \
-			-out /etc/httpd/server.crt &>/dev/null
-		evaluate_retval
-	fi
-
 	if [ ! -f "/etc/httpd/server-ecdsa.crt" ]; then
 		boot_mesg "Signing ECDSA certificate..."
 		openssl x509 -req -days 999999 -sha256 \
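Review bot: After this hunk and the one before it, `generate_certificates()` no longer creates `/etc/httpd/server.key`, `server.csr` or `server.crt`, but nothing visible in the patch covers what still refers to them, and the commit message gives no rationale. If the Apache TLS configuration (not part of this diff) still names the RSA pair, httpd would presumably fail to start on a fresh install, and on upgraded systems the old RSA private key stays on disk unused; the description should say where in the series the vhost change and the cleanup of the stale key happen. The hunk also drops the `# Generate ECDSA CSR` comment from the block that is kept, which I would retain. The remaining CSR step still sends openssl's output to `&>/dev/null` with no `evaluate_retval`, so a failed request only shows up at the signing step. The function body continues past the end of the hunk.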