ECDSA fixed

Evgeniy Ivanov · Evgeniy Ivanov · commit bce63c209c06 · 2016-07-24T14:44:59.000+03:00
diff --git a/config.cfg b/config.cfg
@@ -5,13 +5,12 @@
 #  secp384r1
 #  secp521r1
 easyrsa_dir: /opt/easy-rsa-ipsec
-easyrsa_curve: prime256v1
 easyrsa_ca_expire: 3650
 easyrsa_cert_expire: 3650
 easyrsa_p12_export_password: vpn
 
 # if True re-init all existing certificates. Boolean
-easyrsa_reinit_existent: False
+easyrsa_reinit_existent: True
 
 # Domain or ip
 server_name: www.ivlis.me
diff --git a/configs/.gitinit b/configs/.gitinit
diff --git a/templates/easy-rsa.vars.j2 b/templates/easy-rsa.vars.j2
@@ -102,11 +102,11 @@ set_var EASYRSA_DN "cn_only"
 #  * rsa
 #  * ec
 
-set_var EASYRSA_ALGO       rsa
+set_var EASYRSA_ALGO       ec
 
 # Define the named curve, used in ec mode only:
 
-set_var EASYRSA_CURVE      {{ easyrsa_curve }}
+set_var EASYRSA_CURVE      prime256v1
 
 # In how many days should the root CA key expire?
 
diff --git a/templates/ipsec.secrets.j2 b/templates/ipsec.secrets.j2
@@ -1,2 +1,2 @@
-: RSA {{ server_name }}.key
+: ECDSA {{ server_name }}.key
 
diff --git a/templates/mobileconfig.j2 b/templates/mobileconfig.j2
@@ -45,6 +45,10 @@
                 <string>{{ item.0 }}</string>
                 <key>PayloadCertificateUUID</key>
                 <string>1FB2907D-14D3-4BAB-A472-B304F4B7F7D9</string>
+                <key>CertificateType</key>
+                <string>ECDSA256</string>
+                <key>ServerCertificateIssuerCommonName</key>
+                <string>www.ivlis.me</string>                
                 <key>RemoteAddress</key>
                 <string>{{ server_name }}</string>
                 <key>RemoteIdentifier</key>

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`		`-: RSA {{ server_name }}.key`
	`1`	`+: ECDSA {{ server_name }}.key`
`2`	`2`