Mender keygen Add SubjectAltName to certs
commit 4c4c36d25ef2c64554a7ff7aa7c87de6b17af329 | |
Author: Scott Ellis <scott@jumpnowtek.com> | |
Date: Sun Jan 7 09:40:13 2018 -0500 | |
keygen: Add SubjectAltName to certs | |
diff --git a/keygen b/keygen | |
index 25ec8aa..0ccc5b2 100755 | |
--- a/keygen | |
+++ b/keygen | |
@@ -40,11 +40,21 @@ cd $CERTDIR | |
mkdir api-gateway storage-proxy | |
cd api-gateway | |
-openssl req -x509 -sha256 -nodes -days $CERT_VALID_DAYS -newkey ec:<(openssl ecparam -name prime256v1) -keyout $FILE_NAME_PRIVATE_KEY -out $FILE_NAME_CERT -subj /CN=$CERT_API_CN | |
+if [ -n ${CERT_API_SAN} ]; then | |
+ openssl req -x509 -sha256 -nodes -days $CERT_VALID_DAYS -newkey ec:<(openssl ecparam -name prime256v1) -keyout $FILE_NAME_PRIVATE_KEY -out $FILE_NAME_CERT -subj /CN=$CERT_API_CN \ | |
+ -extensions SAN -config <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${CERT_API_SAN}")) | |
+else | |
+ openssl req -x509 -sha256 -nodes -days $CERT_VALID_DAYS -newkey ec:<(openssl ecparam -name prime256v1) -keyout $FILE_NAME_PRIVATE_KEY -out $FILE_NAME_CERT -subj /CN=$CERT_API_CN | |
+fi | |
cd .. | |
cd storage-proxy | |
-openssl req -x509 -sha256 -nodes -days $CERT_VALID_DAYS -newkey ec:<(openssl ecparam -name prime256v1) -keyout $FILE_NAME_PRIVATE_KEY -out $FILE_NAME_CERT -subj /CN=$CERT_STORAGE_CN | |
+if [ -n ${CERT_STORAGE_SAN} ]; then | |
+ openssl req -x509 -sha256 -nodes -days $CERT_VALID_DAYS -newkey ec:<(openssl ecparam -name prime256v1) -keyout $FILE_NAME_PRIVATE_KEY -out $FILE_NAME_CERT -subj /CN=$CERT_STORAGE_CN \ | |
+ -extensions SAN -config <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=${CERT_STORAGE_SAN}")) | |
+else | |
+ openssl req -x509 -sha256 -nodes -days $CERT_VALID_DAYS -newkey ec:<(openssl ecparam -name prime256v1) -keyout $FILE_NAME_PRIVATE_KEY -out $FILE_NAME_CERT -subj /CN=$CERT_STORAGE_CN | |
+fi | |
cd .. | |
# concatenate the certificates for inclusion on the Mender client |
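Review bot: The test `[ -n ${CERT_API_SAN} ]` is unquoted, so when the variable is empty or unset it collapses to `[ -n ]`, which is true; the SAN branch is then always taken, the `else` fallback is unreachable, and openssl is handed an empty `subjectAltName=` line. Quote the expansion, `if [ -n "${CERT_API_SAN}" ]; then`, and do the same for `CERT_STORAGE_SAN` in the storage-proxy block. The SAN value is also spliced into the printf format string, so a `%` in it would be read as a format directive; `printf '\n[SAN]\nsubjectAltName=%s\n' "${CERT_API_SAN}"` passes it as data. The hard-coded `/etc/ssl/openssl.cnf` is not present at that path on every distribution, so a comment naming that assumption (or a check that the file exists before the `cat`) would make a failure there easier to diagnose.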