Mender keygen Add SubjectAltName to certs
commit 4c4c36d25ef2c64554a7ff7aa7c87de6b17af329
Author: Scott Ellis <scott@jumpnowtek.com>
Date: Sun Jan 7 09:40:13 2018 -0500
keygen: Add SubjectAltName to certs
diff --git a/keygen b/keygen
index 25ec8aa..0ccc5b2 100755
--- a/keygen
+++ b/keygen
@@ -40,11 +40,21 @@ cd $CERTDIR
mkdir api-gateway storage-proxy
cd api-gateway
-openssl req -x509 -sha256 -nodes -days $CERT_VALID_DAYS -newkey ec:<(openssl ecparam -name prime256v1) -keyout $FILE_NAME_PRIVATE_KEY -out $FILE_NAME_CERT -subj /CN=$CERT_API_CN
+if [ -n ${CERT_API_SAN} ]; then
+ openssl req -x509 -sha256 -nodes -days $CERT_VALID_DAYS -newkey ec:<(openssl ecparam -name prime256v1) -keyout $FILE_NAME_PRIVATE_KEY -out $FILE_NAME_CERT -subj /CN=$CERT_API_CN \
+ -extensions SAN -config <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${CERT_API_SAN}"))
+else
+ openssl req -x509 -sha256 -nodes -days $CERT_VALID_DAYS -newkey ec:<(openssl ecparam -name prime256v1) -keyout $FILE_NAME_PRIVATE_KEY -out $FILE_NAME_CERT -subj /CN=$CERT_API_CN
+fi
cd ..
cd storage-proxy
-openssl req -x509 -sha256 -nodes -days $CERT_VALID_DAYS -newkey ec:<(openssl ecparam -name prime256v1) -keyout $FILE_NAME_PRIVATE_KEY -out $FILE_NAME_CERT -subj /CN=$CERT_STORAGE_CN
+if [ -n ${CERT_STORAGE_SAN} ]; then
+ openssl req -x509 -sha256 -nodes -days $CERT_VALID_DAYS -newkey ec:<(openssl ecparam -name prime256v1) -keyout $FILE_NAME_PRIVATE_KEY -out $FILE_NAME_CERT -subj /CN=$CERT_STORAGE_CN \
+ -extensions SAN -config <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${CERT_STORAGE_SAN}"))
+else
+ openssl req -x509 -sha256 -nodes -days $CERT_VALID_DAYS -newkey ec:<(openssl ecparam -name prime256v1) -keyout $FILE_NAME_PRIVATE_KEY -out $FILE_NAME_CERT -subj /CN=$CERT_STORAGE_CN
+fi
cd ..
# concatenate the certificates for inclusion on the Mender client
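Review bot: The unquoted test `[ -n ${CERT_API_SAN} ]` is always true when the variable is empty or unset, because it collapses to `[ -n ]`, so the `else` branch is never reached and openssl is run with an empty `subjectAltName=`; the same applies to `[ -n ${CERT_STORAGE_SAN} ]` in the storage-proxy branch. Quote the expansion in both places: `if [ -n "${CERT_API_SAN}" ]; then`. The SAN value is also interpolated into the printf format string, so a `%` or backslash in it is interpreted rather than copied; `printf '\n[SAN]\nsubjectAltName=%s\n' "${CERT_API_SAN}"` passes it as data and ends the section with a newline. Because this value decides which names the certificate is valid for, it is worth rejecting a value that contains a newline before appending it to the openssl config, since it would otherwise add further config lines.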