Added DH parameter generation to ssl module

2011-03-30 12:52:09 +03:00 · 2011-03-30 12:52:09 +03:00 · 308cb7b9da
commit 308cb7b9da
parent d27bf2375a
1 changed files with 20 additions and 0 deletions
--- a/ssl/manifests/init.pp
+++ b/ssl/manifests/init.pp
@ -49,3 +49,23 @@ define ssl::certificate($cn, $keyout="", $days="3650", $keysize="2048", $subject
    }

 }
+
+
+# Create DH parameters.
+#
+# === Parameters:
+#
+#   $name:
+#       Output file.
+#   $keysize:
+#       Key size. Defaults to 1024.
+#
+define ssl::dhparam($keysize="1024") {
+
+    exec { "openssl-dhparam-${name}":
+        path    => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
+        command => "/bin/sh -c 'umask 077 ; openssl dhparam -out ${name} ${keysize}'",
+        creates => "${name}",
+    }
+
+}