Preserve v3 extensions when signing x.509 certificates - this is necessary for Subject Alternative Names to survive

This commit is contained in:
Danielle McLean 2017-05-01 13:25:38 +10:00
parent 954124ac56
commit 44c7f61e3d
Signed by: 00dani
GPG key ID: 5A5D2D1AFF12EEC5

View file

@ -4,4 +4,4 @@ if ! [[ -r $1 ]]; then
exit 1 exit 1
fi fi
ca=/etc/ssl/$HOST/root ca=/etc/ssl/$HOST/root
sudo openssl x509 -req -CA $ca.crt -CAkey $ca.key -CAcreateserial -sha256 -days 30 -in $1 -out ${1:r}.crt sudo openssl x509 -req -CA $ca.crt -CAkey $ca.key -CAcreateserial -sha256 -days 30 -extensions v3_req -extfile /usr/local/etc/openssl/openssl.cnf -in $1 -out ${1:r}.crt