From ebe8b7a6f066c55d951bb1193b85c5725b725dc1 Mon Sep 17 00:00:00 2001
From: Stephen Marshall
Date: Mon, 21 Oct 2019 12:34:25 +0100
Subject: [PATCH] Add required security settings when creating self-signed certificates
---
 internal/keystore/keystore.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/internal/keystore/keystore.go b/internal/keystore/keystore.go
index 0b8f0f5..2c2b758 100644
--- a/internal/keystore/keystore.go
+++ b/internal/keystore/keystore.go
@@ -152,7 +152,7 @@ func (ks *KeyStore) Import(inputFile, password string) error {
 // CreateSelfSignedCertificate creates a self-signed certificate in the keystore
 func (ks *KeyStore) CreateSelfSignedCertificate(label, dn, hostname string) error {
- out, _, err := command.Run(ks.command, "-cert", "-create", "-db", ks.Filename, "-pw", ks.Password, "-label", label, "-dn", dn, "-san_dnsname", hostname)
+ out, _, err := command.Run(ks.command, "-cert", "-create", "-db", ks.Filename, "-pw", ks.Password, "-label", label, "-dn", dn, "-san_dnsname", hostname, "-size 2048 -sig_alg sha256 -eku serverAuth")
 if err != nil {
 return fmt.Errorf("error running \"%v -cert -create\": %v %s", ks.command, err, out)
 }
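Review bot: The new hardening options in the added `command.Run` call are passed as one string, `"-size 2048 -sig_alg sha256 -eku serverAuth"`, while every other option on that line is its own argument. `command.Run` is not visible in this hunk, but if it forwards its arguments to the process without a shell (as `exec.Command` does), the tool receives a single argv entry containing spaces instead of six tokens. It may then reject the call, or the key size, signature algorithm and EKU may not be applied as intended. Split them to match the rest of the call: `hostname, "-size", "2048", "-sig_alg", "sha256", "-eku", "serverAuth")`. A test that inspects the generated certificate for a 2048-bit key, a SHA-256 signature and the serverAuth EKU would confirm the settings take effect; the function body continues past the end of the hunk.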