-rwxr-xr-x | satellit_installer/static_files/slx-cert | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/satellit_installer/static_files/slx-cert b/satellit_installer/static_files/slx-cert
index fac8d26..3f5cc3e 100755
--- a/satellit_installer/static_files/slx-cert
+++ b/satellit_installer/static_files/slx-cert
@@ -189,11 +189,24 @@ if [ -n "$mknew" ] || [ "${#srv_list[@]}" = 0 ] \
 done
 echo "Signing with $in_cert"
 create_conf
+ # Need extfile for SAN, chromium doesn't honor CN anymore
+ cat > "${csr}.cnf" <<-END
+ basicConstraints = CA:FALSE
+ nsCertType = server
+ nsComment = "OpenSSL Generated Server Certificate"
+ subjectKeyIdentifier = hash
+ authorityKeyIdentifier = keyid,issuer:always
+ keyUsage = critical, digitalSignature, keyEncipherment
+ extendedKeyUsage = serverAuth
+ subjectAltName = @alt_names
+ [alt_names]
+ DNS.1 = satellite.bwlehrpool
+ END
 openssl ca -config "$ca_config" -create_serial -policy policy_anything -days "$srv_days" \
- -cert "$in_cert" -keyfile "${PRIV}/intermediate.key" \
+ -cert "$in_cert" -keyfile "${PRIV}/intermediate.key" -extfile "${csr}.cnf" \
 -notext -name CA_openslx -batch -out "${CERT}/srv-${srv_new_ts}.crt" -in "$csr" || exit 4
 rm -rf -- "$ca_dir"
- rm -f -- "$csr"
+ rm -f -- "$csr" "${csr}.cnf"
 mv "${PRIV}/srv.key.tmp" "${PRIV}/srv-${srv_new_ts}.key" || exit 5
 srv_list+=( "$srv_new_ts" ) |
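Review bot: The `[alt_names]` block written to `${csr}.cnf` fixes the SAN to the single name `satellite.bwlehrpool`, so a certificate signed here only verifies for clients that use exactly that name. The hunk does not show where the CSR subject comes from, so whether the two can diverge should be checked. A comment above the heredoc would record the constraint, e.g. `# SAN is fixed to satellite.bwlehrpool; access by IP or another name will fail verification`. With `-extfile`, `openssl ca` takes the certificate extensions from this file rather than from the CA section in `$ca_config`, so a failed or truncated write should stop the run like the signing step does: `cat > "${csr}.cnf" <<-END || exit 4`. The enclosing `if` block starts and ends outside the hunk.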