Advisories ยป MGAA-2020-0217

Updated rpm-helper package fixes SSL private key key_lenght generation

Publication date: 24 Oct 2020
Type: bugfix
Affected Mageia releases : 7


The updated crypto-policies from the Firefox ESR 78 update no longer accept
SSL private keys with a key length less than 4096.  The rpm-helper package
generated keys with a length of 2048.

If you had previously edited the /etc/sysconfig/ssl file, you will need to
update the KEY_LENGTH value to 4096 as this update does, and generate new keys
and certificates.

For example, to generate a new private key and certificate for the Apache web
server, run the following commands as root:

rm -f /etc/pki/tls/private/httpd.pem /etc/pki/tls/certs/httpd.pem
/usr/share/rpm-helper/create-ssl-certificate apache 1 httpd