Diffstat (limited to 'roles/common')
-rwxr-xr-xroles/common/files/usr/local/bin/gendhparam.sh7
-rw-r--r--roles/common/tasks/main.yml3
2 files changed, 5 insertions, 5 deletions
diff --git a/roles/common/files/usr/local/bin/gendhparam.sh b/roles/common/files/usr/local/bin/gendhparam.sh
index 84b7d56..a82a8a5 100755
--- a/roles/common/files/usr/local/bin/gendhparam.sh
+++ b/roles/common/files/usr/local/bin/gendhparam.sh
@@ -1,11 +1,10 @@
#!/bin/sh
set -ue
PATH=/usr/bin:/bin
-privkey="$1"
+out="$1"
bits="${2:-2048}"
-rand=
-install --mode=0600 /dev/null "$privkey"
-openssl dhparam -rand "${rand:-/dev/urandom}" "$bits" >"$privkey"
+install --mode=0644 /dev/null "$out"
+openssl dhparam "$bits" >"$out"
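Review bot: The new `openssl dhparam "$bits" >"$out"` writes straight into the final path that `install` has just created, so a failed or interrupted generation leaves an empty or truncated file at `$out`; `set -e` ends the script but the file stays. The task in roles/common/tasks/main.yml guards on `creates=` for that same path, so a later run would skip regeneration and TLS services would be handed unusable parameters. Generating into a temporary file in the same directory and renaming it only after openssl succeeds avoids this. Mode 0644 looks fine because DH parameters are not secret, and a one-line comment saying so would explain the move out of a private directory. The sketch assumes `mktemp` is available on the restricted PATH.

```shell
out="$1"
bits="${2:-2048}"
# Build the file next to its destination so the final rename is atomic
# and a partial result never appears under the name "creates=" checks.
tmp="$(mktemp "$out.XXXXXX")"
trap 'rm -f "$tmp"' EXIT
openssl dhparam "$bits" >"$tmp"
chmod 0644 "$tmp"
mv "$tmp" "$out"
```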
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 14cb7ae..1226d37 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -27,41 +27,42 @@
tags: fail2ban
- include: smart.yml
tags:
- smartmontools
- smart
when: "not ((ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen') or ansible_system_vendor == 'QEMU')"
- include: haveged.yml
tags:
- haveged
- entropy
- name: Copy genkeypair.sh and gendhparam.sh
copy: src=usr/local/bin/{{ item }}
dest=/usr/local/bin/{{ item }}
owner=root group=root
mode=0755
tags: genkey
with_items:
- genkeypair.sh
- gendhparam.sh
- name: Generate DH parameters
- command: gendhparam.sh /etc/ssl/private/dhparams.pem creates=/etc/ssl/private/dhparams.pem
+ command: gendhparam.sh /etc/ssl/dhparams.pem 2048
+ creates=/etc/ssl/dhparams.pem
tags: genkey
- include: logging.yml
tags: logging
- include: ntp.yml
tags: ntp
- include: mail.yml
tags:
- mail
- postfix
- include: bacula.yml
tags:
- bacula-fd
- bacula
- include: munin-node.yml
tags:
- munin-node
- munin
- include: munin-node-ssl.yml
when: "'munin-master' not in group_names"
tags:
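Review bot: The new `command:` line still calls `gendhparam.sh` by bare name, so which file runs (presumably with elevated privileges) depends on the PATH of the Ansible session on the target. The preceding task installs the script to /usr/local/bin, so the call can be pinned: `command: /usr/local/bin/gendhparam.sh /etc/ssl/dhparams.pem 2048`. `creates=/etc/ssl/dhparams.pem` only tests that the file exists, so an empty file left by an aborted run would satisfy it. Hosts provisioned before this change presumably keep the old /etc/ssl/private/dhparams.pem, and nothing visible here removes it or repoints consumers, which may live outside roles/common. The task list starts and continues outside this hunk.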