ECDSA fixed

8 years ago · bce63c209c
parent 2efaf97e58
commit bce63c209c
5 changed files with 8 additions and 5 deletions
--- a/config.cfg
+++ b/config.cfg
@ -5,13 +5,12 @@
 #  secp384r1
 #  secp521r1
 easyrsa_dir: /opt/easy-rsa-ipsec
-easyrsa_curve: prime256v1
 easyrsa_ca_expire: 3650
 easyrsa_cert_expire: 3650
 easyrsa_p12_export_password: vpn

 # if True re-init all existing certificates. Boolean
-easyrsa_reinit_existent: False
+easyrsa_reinit_existent: True

 # Domain or ip
 server_name: www.ivlis.me
--- a/configs/.gitinit
+++ b/configs/.gitinit
--- a/templates/easy-rsa.vars.j2
+++ b/templates/easy-rsa.vars.j2
@ -102,11 +102,11 @@ set_var EASYRSA_DN "cn_only"
 #  * rsa
 #  * ec

-set_var EASYRSA_ALGO       rsa
+set_var EASYRSA_ALGO       ec

 # Define the named curve, used in ec mode only:

-set_var EASYRSA_CURVE      {{ easyrsa_curve }}
+set_var EASYRSA_CURVE      prime256v1

 # In how many days should the root CA key expire?

--- a/templates/ipsec.secrets.j2
+++ b/templates/ipsec.secrets.j2
@ -1,2 +1,2 @@
-: RSA {{ server_name }}.key
+: ECDSA {{ server_name }}.key

--- a/templates/mobileconfig.j2
+++ b/templates/mobileconfig.j2
@ -45,6 +45,10 @@
                <string>{{ item.0 }}</string>
                <key>PayloadCertificateUUID</key>
                <string>1FB2907D-14D3-4BAB-A472-B304F4B7F7D9</string>
+                <key>CertificateType</key>
+                <string>ECDSA256</string>
+                <key>ServerCertificateIssuerCommonName</key>
+                <string>www.ivlis.me</string>                
                <key>RemoteAddress</key>
                <string>{{ server_name }}</string>
                <key>RemoteIdentifier</key>