Mender keygen Add SubjectAltName to certs
commit 4c4c36d25ef2c64554a7ff7aa7c87de6b17af329
Author: Scott Ellis <scott@jumpnowtek.com>
Date: Sun Jan 7 09:40:13 2018 -0500
keygen: Add SubjectAltName to certs
diff --git a/keygen b/keygen
index 25ec8aa..0ccc5b2 100755
--- a/keygen
+++ b/keygen
@@ -40,11 +40,21 @@ cd $CERTDIR
mkdir api-gateway storage-proxy
cd api-gateway
-openssl req -x509 -sha256 -nodes -days $CERT_VALID_DAYS -newkey ec:<(openssl ecparam -name prime256v1) -keyout $FILE_NAME_PRIVATE_KEY -out $FILE_NAME_CERT -subj /CN=$CERT_API_CN
+if [ -n ${CERT_API_SAN} ]; then
+ openssl req -x509 -sha256 -nodes -days $CERT_VALID_DAYS -newkey ec:<(openssl ecparam -name prime256v1) -keyout $FILE_NAME_PRIVATE_KEY -out $FILE_NAME_CERT -subj /CN=$CERT_API_CN \
+ -extensions SAN -config <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${CERT_API_SAN}"))
+else
+ openssl req -x509 -sha256 -nodes -days $CERT_VALID_DAYS -newkey ec:<(openssl ecparam -name prime256v1) -keyout $FILE_NAME_PRIVATE_KEY -out $FILE_NAME_CERT -subj /CN=$CERT_API_CN
+fi
cd ..
cd storage-proxy
-openssl req -x509 -sha256 -nodes -days $CERT_VALID_DAYS -newkey ec:<(openssl ecparam -name prime256v1) -keyout $FILE_NAME_PRIVATE_KEY -out $FILE_NAME_CERT -subj /CN=$CERT_STORAGE_CN
+if [ -n ${CERT_STORAGE_SAN} ]; then
+ openssl req -x509 -sha256 -nodes -days $CERT_VALID_DAYS -newkey ec:<(openssl ecparam -name prime256v1) -keyout $FILE_NAME_PRIVATE_KEY -out $FILE_NAME_CERT -subj /CN=$CERT_STORAGE_CN \
+ -extensions SAN -config <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${CERT_STORAGE_SAN}"))
+else
+ openssl req -x509 -sha256 -nodes -days $CERT_VALID_DAYS -newkey ec:<(openssl ecparam -name prime256v1) -keyout $FILE_NAME_PRIVATE_KEY -out $FILE_NAME_CERT -subj /CN=$CERT_STORAGE_CN
+fi
cd ..
# concatenate the certificates for inclusion on the Mender client
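Review bot: The tests `[ -n ${CERT_API_SAN} ]` and `[ -n ${CERT_STORAGE_SAN} ]` expand the variable unquoted, so when it is empty or unset the test collapses to `[ -n ]`, which is always true. The `else` branch is then never taken and openssl is handed a `[SAN]` section with an empty `subjectAltName=` value. Quote the expansion in both places, e.g. `if [ -n "${CERT_API_SAN}" ]; then`. Two smaller points on the added openssl lines: the SAN value is interpolated directly into the printf format string, so any `%` or backslash in it is interpreted by printf; passing it as an argument (`printf '\n[SAN]\nsubjectAltName=%s\n' "${CERT_API_SAN}"`) avoids that. The config path `/etc/ssl/openssl.cnf` is hard-coded and is not where every distribution keeps the file, so a variable with that default would make the script more portable. It would also help to document the expected format of `CERT_API_SAN` and `CERT_STORAGE_SAN` (for example `DNS:host.example.com`) next to where the other `CERT_*` variables are defined.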