Create a gist now

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Mender keygen Add SubjectAltName to certs
commit 4c4c36d25ef2c64554a7ff7aa7c87de6b17af329
Author: Scott Ellis <scott@jumpnowtek.com>
Date: Sun Jan 7 09:40:13 2018 -0500
keygen: Add SubjectAltName to certs
diff --git a/keygen b/keygen
index 25ec8aa..0ccc5b2 100755
--- a/keygen
+++ b/keygen
@@ -40,11 +40,21 @@ cd $CERTDIR
mkdir api-gateway storage-proxy
cd api-gateway
-openssl req -x509 -sha256 -nodes -days $CERT_VALID_DAYS -newkey ec:<(openssl ecparam -name prime256v1) -keyout $FILE_NAME_PRIVATE_KEY -out $FILE_NAME_CERT -subj /CN=$CERT_API_CN
+if [ -n ${CERT_API_SAN} ]; then
+ openssl req -x509 -sha256 -nodes -days $CERT_VALID_DAYS -newkey ec:<(openssl ecparam -name prime256v1) -keyout $FILE_NAME_PRIVATE_KEY -out $FILE_NAME_CERT -subj /CN=$CERT_API_CN \
+ -extensions SAN -config <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${CERT_API_SAN}"))
+else
+ openssl req -x509 -sha256 -nodes -days $CERT_VALID_DAYS -newkey ec:<(openssl ecparam -name prime256v1) -keyout $FILE_NAME_PRIVATE_KEY -out $FILE_NAME_CERT -subj /CN=$CERT_API_CN
+fi
cd ..
cd storage-proxy
-openssl req -x509 -sha256 -nodes -days $CERT_VALID_DAYS -newkey ec:<(openssl ecparam -name prime256v1) -keyout $FILE_NAME_PRIVATE_KEY -out $FILE_NAME_CERT -subj /CN=$CERT_STORAGE_CN
+if [ -n ${CERT_STORAGE_SAN} ]; then
+ openssl req -x509 -sha256 -nodes -days $CERT_VALID_DAYS -newkey ec:<(openssl ecparam -name prime256v1) -keyout $FILE_NAME_PRIVATE_KEY -out $FILE_NAME_CERT -subj /CN=$CERT_STORAGE_CN \
+ -extensions SAN -config <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${CERT_STORAGE_SAN}"))
+else
+ openssl req -x509 -sha256 -nodes -days $CERT_VALID_DAYS -newkey ec:<(openssl ecparam -name prime256v1) -keyout $FILE_NAME_PRIVATE_KEY -out $FILE_NAME_CERT -subj /CN=$CERT_STORAGE_CN
+fi
cd ..
# concatenate the certificates for inclusion on the Mender client
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment