partialy fixes #13

Author: BertrandGouny

image/service/slapd/container-start.sh

@@ -47,7 +47,8 @@ if [ ! -e "$FIRST_START_DONE" ]; then
     /sbin/ssl-helper "/container/service/slapd/assets/certs/$LDAP_CRT" "/container/service/slapd/assets/certs/$LDAP_KEY" --ca-crt=/container/service/slapd/assets/certs/$CA_CRT --gnutls
 
     # create DHParamFile if not found
-    [ -f /container/service/slapd/assets/certs/dhparam.pem ] || openssl dhparam -out /container/service/slapd/assets/certs/dhparam.pem 2048
+    [ -f /container/service/slapd/assets/certs/dhparam.pem ] || certtool --generate-dh-param --sec-param=high --outfile=/container/service/slapd/assets/certs/dhparam.pem
+    chmod 600 /container/service/slapd/assets/certs/dhparam.pem
 
     # fix file permissions
     chown -R openldap:openldap /container/service/slapd