Change the default EC key to secp384r1 prime256v1 is okay for now, but secp384r1 is more future-proof (gives us a couple more years) and in this case does not really have any drawbacks. Tested: Checked to see that a new secp384r1 key is generated on first boot and the generate CSR redfish option works. Change-Id: I334fc56db3dd55058a4c6780f8966bcc48d8f816 Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

commit: aaf3206f0ef74a02b22c3e563a0babc3af4b2e3a [log] [tgz]
author: Vernon Mauery <vernon.mauery@linux.intel.com> Mon Mar 09 10:41:31 2020 -0700
committer: Vernon Mauery <vernon.mauery@linux.intel.com> Mon Mar 09 10:41:31 2020 -0700
tree: be91ab36fcc05ce32be880ea2d322515889aac8d
parent: 397fd61f34fab6922cdf84c4f411a2b1bd174a1f [diff]
diff --git a/redfish-core/lib/certificate_service.hpp b/redfish-core/lib/certificate_service.hpp
index 6cb5b86..66ddab8 100644
--- a/redfish-core/lib/certificate_service.hpp
+++ b/redfish-core/lib/certificate_service.hpp

@@ -285,7 +285,7 @@
         std::optional<std::string> optGivenName = "";
         std::optional<std::string> optInitials = "";
         std::optional<int64_t> optKeyBitLength = RSA_KEY_BIT_LENGTH;
-        std::optional<std::string> optKeyCurveId = "prime256v1";
+        std::optional<std::string> optKeyCurveId = "secp384r1";
         std::optional<std::string> optKeyPairAlgorithm = "EC";
         std::optional<std::vector<std::string>> optKeyUsage =
             std::vector<std::string>();
commit	aaf3206f0ef74a02b22c3e563a0babc3af4b2e3a	[log] [tgz]
author	Vernon Mauery <vernon.mauery@linux.intel.com>	Mon Mar 09 10:41:31 2020 -0700
committer	Vernon Mauery <vernon.mauery@linux.intel.com>	Mon Mar 09 10:41:31 2020 -0700
tree	be91ab36fcc05ce32be880ea2d322515889aac8d
parent	397fd61f34fab6922cdf84c4f411a2b1bd174a1f [diff]