gen-ec-cert: remove wx permissions from generated files

This commit is contained in:
Lucas 2020-03-14 13:36:41 +00:00
parent eb605487e5
commit 10d1e7d0d3

View File

@ -31,9 +31,9 @@ if [ -f "$domain.key" ]; then
printf "%s: key for %s already exists; reusing it.\n" \
"${0##*/}" "$domain" >&2
else
(umask 077 &&
(umask 0377 &&
openssl ecparam -genkey -name "$curve" -out "$domain.key")
fi
openssl req -new -x509 -days "$days" -subj "/CN=$domain" \
umask 0333 && openssl req -new -x509 -days "$days" -subj "/CN=$domain" \
-key "$domain.key" -out "$domain.pem"