ECC SSL certificates (SKINS)

Version 1.61.0

Feature
Finished

Support for ECDSA (Elliptic Curve Digital Signature Algorithm) certificates for smaller key sizes and improved security.

New internal default:

    ecc_certificates=1

If you wish to prevent Users from creating ECC certs, run:

    cd /usr/local/directadmin
    ./directadmin set ecc_certificates 0
    service directadmin restart

=================
POST

The calls to CMD_SSL are unaffected.
However, anywhere you can pass:

    keysize=2048
    keysize=4096

you can now also pass any of:

    keysize=prime256v1
    keysize=secp384r1
    keysize=secp521r1

=================
SKINS:

Enhanced:
user/ssl.html

Swapped out the "keysize" select-box with |KEYSIZE|

=================
LETSENCRYPT

Since letsencrypt.sh creates its own keys, the new ECC key creation code will need to be run there.
To tell LE that we're trying to create an ECC cert, the provided san_config file will have its usually unused value:

    default_keyfile         = keyfile.pem

changed to:

    default_keyfile         = secp521r1.pem

or whichever new keysize algorithm is being requested.

=================
JSON

The extra key-sizes are included in the new output, so this is backwards compatible (assuming your skin is ok without numbers):

    "key_sizes": {
        "2048": "",
        "4096": "",
        "prime256v1": "",
        "secp384r1": "select",
        "secp521r1": ""
    }

However, a sibling array has been added in the same output, providing the standard "JSON Select" output, which includes nice name values:

CMD_SSL?domain=domain.com&json=yes

    "keysize_select": {
        "0": {
            "text": "2048-bit",
            "value": "2048"
        },
        "1": {
            "text": "4096-bit",
            "value": "4096"
        },
        "2": {
            "text": " X9.62/SECG curve over a 256 bit prime field",
            "value": "prime256v1"
        },
        "3": {
            "selected": "yes",
            "text": " NIST/SECG curve over a 384 bit prime field",
            "value": "secp384r1"
        },
        "4": {
            "text": " NIST/SECG curve over a 521 bit prime field",
            "value": "secp521r1"
        }
    }

==========
EVO1851
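
The san_config signalling described under LETSENCRYPT, as an added example (not DirectAdmin's letsencrypt.sh): a shell sketch that reads default_keyfile, allow-lists the three curves from this changelog, and only then builds the openssl call. The function names and the rsa_bits parameter are hypothetical.

```shell
#!/bin/sh
# Added example, not DirectAdmin code. Assumes the convention described above:
# "default_keyfile = <curve>.pem" in san_config requests an ECC key.

# Print the requested key type: an allow-listed curve name, or "rsa" when
# default_keyfile is absent or holds the stock keyfile.pem value.
# Returns 1 for anything else, so it never reaches the openssl command line.
keytype_from_san_config() {
    value=$(sed -n 's/^[[:space:]]*default_keyfile[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$1" | head -n 1)
    case "${value%.pem}" in
        prime256v1|secp384r1|secp521r1) printf '%s\n' "${value%.pem}" ;;
        keyfile|'') printf 'rsa\n' ;;
        *) return 1 ;;
    esac
}

# Generate the private key for a san_config. rsa_bits (hypothetical
# parameter) is used for RSA only and limited to the sizes CMD_SSL accepts.
generate_key() {
    san_config=$1 key_out=$2 rsa_bits=${3:-4096}
    keytype=$(keytype_from_san_config "$san_config") || {
        echo "unsupported default_keyfile in $san_config" >&2
        return 1
    }
    case "$rsa_bits" in
        2048|4096) ;;
        *) echo "unsupported RSA size: $rsa_bits" >&2; return 1 ;;
    esac
    (
        umask 077   # private key readable by its owner only
        if [ "$keytype" = rsa ]; then
            openssl genrsa -out "$key_out" "$rsa_bits"
        else
            openssl ecparam -genkey -name "$keytype" -noout -out "$key_out"
        fi
    )
}

# Constructed sample san_config (not a real DirectAdmin file).
demo=$(mktemp)
printf '[ req ]\ndefault_keyfile\t\t= secp384r1.pem\n' > "$demo"
keytype_from_san_config "$demo"
rm -f "$demo"
```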
