
I'm deploying several servers with TLS. The servers are different but related, and each has its own certificate generated by Let's Encrypt.

To increase security, I'm generating my own Diffie-Hellman group.

openssl dhparam -out dhparams.pem 2048

The question now is whether this dhparams.pem file is considered secret and if I need a unique one for each server?

Ideally I would like to include the dhparams.pem file in my distribution package and install the same file on every server. This is so that the group will be unique for my group of servers, yet not every server in the group. Would this be alright security-wise?

Paradox
tkarls
