From 148e41b2bb69b6e8ebc59f596596f55385045c46 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Fri, 24 May 2019 11:36:12 +0200 Subject: [PATCH] Increase key strength to 4096 --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 35ab161..9948964 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,7 @@ go will generate the binary at `go/bin/compy`. ### HTTPS To use the proxy over HTTPS, you will need a certificate for your host. If you don't already have one, you can get one for [free](https://letsencrypt.org/) or you can generate a self-signed cert by running: ``` -openssl req -x509 -newkey rsa:2048 -nodes -keyout cert.key -out cert.crt -days 3650 -subj '/CN=' +openssl req -x509 -newkey rsa:4096 -nodes -keyout cert.key -out cert.crt -days 3650 -subj '/CN=' ``` then visit the proxy URL and confirm that you trust your own certificate @@ -57,7 +57,7 @@ Set the path to this file in the browser UI and you're good to go. ### MitM To enable man-in-the-middle support, you will need to generate a root cert to sign all the certs generated by the proxy on the fly: ``` -openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt -days 3650 -subj '/CN=' +openssl req -x509 -newkey rsa:4096 -nodes -keyout ca.key -out ca.crt -days 3650 -subj '/CN=' ``` and add it to your client (browser) as a trusted certificate authority