[Triumf-linux-managers] recommended minima in /etc/pki/tls/openssl.cnf

[Andrew Daviel]

To obtain the current-good-practice strength of SSL keys, you should set 
these defaults in /etc/pki/tls/openssl.cnf

[ req ]
default_bits            = 2048
default_md              = sha256

[ CA_default ]
default_md      = sha256                # which md to use.

Other defaults may be set to TRIUMF, BC etc. so as to generate server 
certificate requests with pre-filled fields, so this file may not match 
the original RPM.


-- 
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376  (Pacific Time)
Network Security Manager