From de63c0747f4c596cdaa1cf264aa4715ed64977a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?=
Date: Tue, 10 Jul 2018 17:46:41 +0200
Subject: [PATCH] Support for SAN in self-signed certificates
---
 evoacme/files/make-csr.sh | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/evoacme/files/make-csr.sh b/evoacme/files/make-csr.sh
index 7bbff77f..f2257a2f 100755
--- a/evoacme/files/make-csr.sh
+++ b/evoacme/files/make-csr.sh
@@ -80,13 +80,17 @@ openssl_selfsigned() {
 local csr="$1"
 local key="$2"
 local crt="$3"
+ local cfg="$4"
 local crt_dir=$(dirname ${crt})
 [ -r "${csr}" ] || error "File ${csr} is not readable"
 [ -r "${key}" ] || error "File ${key} is not readable"
 [ -w "${crt_dir}" ] || error "Directory ${crt_dir} is not writable"
-
- "${OPENSSL_BIN}" x509 -req -sha256 -days 365 -in "${csr}" -signkey "${key}" -out "${crt}" 2> /dev/null
+ if grep -q SAN "${cfg}"; then
+ "${OPENSSL_BIN}" x509 -req -sha256 -days 365 -in "${csr}" -extensions SAN -extfile "${cfg}" -signkey "${key}" -out "${crt}" 2> /dev/null
+ else
+ "${OPENSSL_BIN}" x509 -req -sha256 -days 365 -in "${csr}" -signkey "${key}" -out "${crt}" 2> /dev/null
+ fi
 [ -r "${crt}" ] || error "Something went wrong, ${crt} has not been generated"
 }
@@ -160,7 +164,7 @@ EOF
 chmod 644 "${CSR_FILE}"
 mkdir -p -m 0755 "${SELF_SIGNED_DIR}"
- openssl_selfsigned "${CSR_FILE}" "${SSL_KEY_FILE}" "${SELF_SIGNED_FILE}"
+ openssl_selfsigned "${CSR_FILE}" "${SSL_KEY_FILE}" "${SELF_SIGNED_FILE}" "${config_file}"
 [ -r "${SELF_SIGNED_FILE}" ] && chmod 644 "${SELF_SIGNED_FILE}"
 debug "Self-signed certificate stored at ${SELF_SIGNED_FILE}"
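Review bot: In the first hunk, `openssl_selfsigned` uses the new `cfg` argument without the readability check that `csr` and `key` get, and `grep -q SAN "${cfg}"` matches that string anywhere in the file, not only in a section header. If `$4` is empty or the file is unreadable, grep fails and the `else` branch quietly issues a certificate without SAN, with nothing logged about the fallback. If "SAN" appears only outside a section header, `-extensions SAN` will likely make openssl fail with its message sent to `/dev/null`, and the final `[ -r "${crt}" ]` test can still pass on a certificate left over from an earlier run, if one exists. I would add `[ -r "${cfg}" ] || error "File ${cfg} is not readable"` next to the other checks and anchor the match to the header, e.g. `grep -Eq '^\[ *SAN *\]' "${cfg}"`, assuming the config names the section that way. Testing the exit status of the `x509` call rather than only the presence of `${crt}` would surface the remaining failures.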