From 44c7f61e3d1167807f30aa40d77f460516d9445a Mon Sep 17 00:00:00 2001
From: Danielle McLean <dani@00dani.me>
Date: Mon, 1 May 2017 13:25:38 +1000
Subject: [PATCH] Preserve v3 extensions when signing x.509 certificates - this
 is necessary for Subject Alternative Names to survive

---
 local/bin/sign-with-own-ca | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/local/bin/sign-with-own-ca b/local/bin/sign-with-own-ca
index 99e2815..96cefc1 100755
--- a/local/bin/sign-with-own-ca
+++ b/local/bin/sign-with-own-ca
@@ -4,4 +4,4 @@ if ! [[ -r $1 ]]; then
 	exit 1
 fi
 ca=/etc/ssl/$HOST/root
-sudo openssl x509 -req -CA $ca.crt -CAkey $ca.key -CAcreateserial -sha256 -days 30 -in $1 -out ${1:r}.crt
+sudo openssl x509 -req -CA $ca.crt -CAkey $ca.key -CAcreateserial -sha256 -days 30  -extensions v3_req -extfile /usr/local/etc/openssl/openssl.cnf -in $1 -out ${1:r}.crt