Use openssl_dhparam to create dhparam files
authorTom Hughes <tom@compton.nu>
Wed, 12 Sep 2018 19:44:56 +0000 (20:44 +0100)
committerTom Hughes <tom@compton.nu>
Wed, 12 Sep 2018 19:44:56 +0000 (20:44 +0100)
cookbooks/ssl/files/default/dhparam.pem [deleted file]
cookbooks/ssl/recipes/default.rb

diff --git a/cookbooks/ssl/files/default/dhparam.pem b/cookbooks/ssl/files/default/dhparam.pem
deleted file mode 100644 (file)
index c895dd7..0000000
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIIBCAKCAQEApDYHQhAm+Wje/kmAWAzCIOhzxJj6RjjKbOfsUp31PpBaeQKwdIZZ
-jStXfkdo1/c4FfpKczO4WMQJBJjCts6nmEfaPTq/ybcVtG0GQDwO6NIjM8sSymUF
-Qcnd9aH2jfUyciPqkAfTavvy+zZIU+3HxTvCA3I6JY5qLZ4YOpNheRu5Q9azBMLo
-vfb+6oQGMnMvUVCSU8aw8BQ1qwhzJJQNAszQqA3DrxG17jsk0mBzsR3KSs4eNcjx
-+65YhKArG76J1NolcP1rocehK5nrH2IO3cU2G/m2Y09DkXSP9thRSxUQ7rVKSgbC
-KhA263146gEf+bbKdMf6zrsNpjisMZ62ewIBAg==
------END DH PARAMETERS-----
index fa4ab02d8f1bf8cd3cec1dc6a984f42a658bc03c..ccb3508be195e7f54329aedb66e63258089e9f32 100644 (file)
 package "openssl"
 package "ssl-cert"
 
-%w[letsencrypt dhparam].each do |certificate|
-  cookbook_file "/etc/ssl/certs/#{certificate}.pem" do
-    owner "root"
-    group "root"
-    mode 0o444
-    backup false
-  end
+cookbook_file "/etc/ssl/certs/letsencrypt.pem" do
+  owner "root"
+  group "root"
+  mode 0o444
+  backup false
+end
+
+openssl_dhparam "/etc/ssl/certs/dhparam.pem" do
+  owner "root"
+  group "root"
+  mode 0o444
 end