boostrap: update domtool CA to use sha256

sha1 public certs can no longer be loaded on Debian 10 and later

diff --git a/bootstrap/common.ssl.conf b/bootstrap/common.ssl.conf
index c2c0ddb..40e234c 100644 (file)
--- a/bootstrap/common.ssl.conf
+++ b/bootstrap/common.ssl.conf
@@ -36,7 +36,7 @@ crl_extensions        = crl_ext
 
 default_days   = 365                   
 default_crl_days= 30
 
 default_days   = 365                   
 default_crl_days= 30

-default_md      = sha1
+default_md      = sha256

 preserve       = no                    
 
 policy         = policy_domtool
 preserve       = no                    
 
 policy         = policy_domtool


@@ -55,7 +55,7 @@ emailAddress          = supplied
 [ req ]
 default_bits            = 4096
 default_keyfile         = ${Domtool_Defaults::ca_dir}/private/ca-key.pem
 [ req ]
 default_bits            = 4096
 default_keyfile         = ${Domtool_Defaults::ca_dir}/private/ca-key.pem

-default_md              = sha1
+default_md              = sha256

 
 prompt                  = no
 distinguished_name      = root_ca_distinguished_name
 
 prompt                  = no
 distinguished_name      = root_ca_distinguished_name