Increase key strength to 4096
This commit is contained in:
parent
86a96b8bc7
commit
148e41b2bb
|
@ -37,7 +37,7 @@ go will generate the binary at `go/bin/compy`.
|
|||
### HTTPS
|
||||
To use the proxy over HTTPS, you will need a certificate for your host. If you don't already have one, you can get one for [free](https://letsencrypt.org/) or you can generate a self-signed cert by running:
|
||||
```
|
||||
openssl req -x509 -newkey rsa:2048 -nodes -keyout cert.key -out cert.crt -days 3650 -subj '/CN=<your-domain>'
|
||||
openssl req -x509 -newkey rsa:4096 -nodes -keyout cert.key -out cert.crt -days 3650 -subj '/CN=<your-domain>'
|
||||
```
|
||||
then visit the proxy URL and confirm that you trust your own certificate
|
||||
|
||||
|
@ -57,7 +57,7 @@ Set the path to this file in the browser UI and you're good to go.
|
|||
### MitM
|
||||
To enable man-in-the-middle support, you will need to generate a root cert to sign all the certs generated by the proxy on the fly:
|
||||
```
|
||||
openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt -days 3650 -subj '/CN=<your-domain>'
|
||||
openssl req -x509 -newkey rsa:4096 -nodes -keyout ca.key -out ca.crt -days 3650 -subj '/CN=<your-domain>'
|
||||
```
|
||||
and add it to your client (browser) as a trusted certificate authority
|
||||
|
||||
|
|
Loading…
Reference in New Issue