Fixes #34604 - Revert "Revert "Switch from genrsa to genpkey""

This reverts commit e17529e. genrsa is deprecated and genpkey is the replacement. Additionally, FIPS enablement enforces this.
Katello · Mar 14, 2022 · 571cae6 · 571cae6
1 parent 737150f
commit 571cae6
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/katello_certs_tools/katello_ssl_tool.py b/katello_certs_tools/katello_ssl_tool.py
@@ -189,8 +189,8 @@ def genPrivateCaKey(password, d, verbosity=0, forceYN=0):
 """ % ca_key)
         sys.exit(errnoGeneralError)
 
-    args = ("/usr/bin/openssl genrsa -passout pass:%s %s -out %s 4096"
-            % ('%s', CRYPTO, repr(cleanupAbsPath(ca_key))))
+    args = ("/usr/bin/openssl genpkey -pass pass:%s %s -out %s -algorithm rsa -pkeyopt rsa_keygen_bits:4096"
+                % ('%s', CRYPTO, repr(cleanupAbsPath(ca_key))))
 
     if verbosity >= 0:
         print("Generating private CA key: %s" % ca_key)
@@ -332,8 +332,8 @@ def genServerKey(d, verbosity=0):
     server_key = os.path.join(serverKeyPairDir,
                               os.path.basename(d['--server-key']))
 
-    args = ("/usr/bin/openssl genrsa -out %s 4096"
-            % (repr(cleanupAbsPath(server_key))))
+    args = ("/usr/bin/openssl genpkey -out %s -algorithm rsa -pkeyopt rsa_keygen_bits:4096"
+                % (repr(cleanupAbsPath(server_key))))
 
     # generate the server key
     if verbosity >= 0: