Cron job – Generating weekly new DH PARAM files
Multimedia
Hello user!
Just create the following directory:
Bash
~# mkdir -p /etc/dhparamCreate file /usr/local/sbin/gen_dhparam with the following content:
Bash
~# touch /usr/local/sbin/gen_dhparamBash
# cat /etc/cron.weekly/gen_dhparam
#!/bin/bash
mkdir -p /etc/dhparam 2>/dev/null
FILE=`mktemp`
N=512
while [ $N -le 4096 ] ; do
openssl dhparam -out $FILE $N && cat $FILE >/etc/dhparam/dhparam${N}.pem
let N*=2
done
rm -f ${FILE}Set this file executable:
Bash
~# chmod +x /usr/local/sbin/gen_dhparamRun the script by:
Bash
~# /usr/local/sbin/gen_dhparamIt will take a long time, but 4 files will be generated in /etc/dhparam:
Bash
~# ll /etc/dhparam
total 32
drwxr-xr-x 2 root root 4096 Oct 9 15:38 ./
drwxr-xr-x 127 root root 12288 Oct 10 11:05 ../
-rw-r--r-- 1 root root 156 Oct 10 11:16 dhparam512.pem
-rw-r--r-- 1 root root 245 Oct 10 11:16 dhparam1024.pem
-rw-r--r-- 1 root root 424 Oct 10 11:17 dhparam2048.pem
-rw-r--r-- 1 root root 769 Oct 10 11:58 dhparam4096.pemAfter that just create a symlink /etc/cron.weekly/gen_dhparam to the new script:
Code
~# ln -s /usr/local/sbin/gen_dhparam /etc/cron.weekly/With these permissions and owner:
Bash
~# ll /etc/cron.weekly/gen_dhparam
lrwxrwxrwx 1 root root 27 Sep 14 17:31 /etc/cron.weekly/gen_dhparam -> /usr/local/sbin/gen_dhparam*Last important and final step is the creation of the weekly scheduled task in Plesk "Home > Tools & Settings > Scheduled Tasks" under root.
Or in other location, dependent on the used operation system and software environment:
Bash
FILE=`mktemp` ; openssl dhparam -out $FILE 512 && mv -f $FILE /etc/dhparam/dhparam512.pem && FILE=`mktemp` ; openssl dhparam -out $FILE 1024 && mv -f $FILE /etc/dhparam/dhparam1024.pem && FILE=`mktemp` ; openssl dhparam -out $FILE 2048 && mv -f $FILE /etc/dhparam/dhparam2048.pem && FILE=`mktemp` ; openssl dhparam -out $FILE 4096 && mv -f $FILE /etc/dhparam/dhparam4096.pemNo guarantees as usual. Thanks for watching.
Have fun with Diffie-Hellman (DH) key-exchange.