--- loncom/request_ssl_key.sh	2009/01/27 01:23:26	1.2
+++ loncom/request_ssl_key.sh	2016/05/16 15:24:17	1.4
@@ -26,7 +26,7 @@ if [ $(whoami) != "root" ] ; then
     fi
 fi
 
-openssl req -newkey rsa:1024 -passout pass:loncapa \
+openssl req -newkey rsa:2048 -passout pass:loncapa \
     -keyout lonKey.enc -keyform PEM  \
     -out    CertRequest.pem -outform PEM
 
@@ -40,6 +40,14 @@ if [ $(pwd) != "$DESTDIR" ] ; then
     rm lonKey.pem
 else
     chmod 0400 lonKey.pem
+    CURROWNER=`stat -c %U lonKey.pem`
+    if [ $CURROWNER != $DESTUID ] ; then
+        chown $DESTUID:$DESTGROUP lonKey.pem
+        CURROWNER=`stat -c %U lonKey.pem`
+        if [ $CURROWNER != $DESTUID ] ; then
+            echo "$DESTUID is not the owner of $DESTDIR/lonKey.pem. As root you need to change ownership of this file to $DESTUID:$DESTGROUP."
+        fi
+    fi
 fi
 
 rm lonKey.enc